From e586eac8858c3ea1f6094f5a3ea489e8e7f1973a Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 21 Mar 2017 13:50:31 +0000
Subject: Add support for SSL_SESSION_is_resumable()
Provide a way to test whether the SSL_SESSION object can be used to resume a sesion or not.
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/3008)
---
 ssl/ssl_sess.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
(limited to 'ssl/ssl_sess.c')
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index d1a4014316..7a3d858c0a 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -46,12 +46,12 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
 /*
- * TODO(TLS1.3): SSL_get_session() and SSL_get1_session() are problematic in
- * TLS1.3 because, unlike in earlier protocol versions, the session ticket
- * may not have been sent yet even though a handshake has finished. The session
- * ticket data could come in sometime later...or even change if multiple session
- * ticket messages are sent from the server. We need to work out how to deal
- * with this.
+ * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
+ * unlike in earlier protocol versions, the session ticket may not have been
+ * sent yet even though a handshake has finished. The session ticket data could
+ * come in sometime later...or even change if multiple session ticket messages
+ * are sent from the server. The preferred way for applications to obtain
+ * a resumable session is to use SSL_CTX_sess_set_new_cb().
 */
 SSL_SESSION *SSL_get_session(const SSL *ssl)
@@ -929,6 +929,16 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
 return 1;
 }
+int SSL_SESSION_is_resumable(const SSL_SESSION *s)
+{
+ /*
+ * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
+ * session ID.
+ */
+ return !s->not_resumable
+ && (s->session_id_length > 0 || s->ext.ticklen > 0);
+}
+
 long SSL_CTX_set_timeout(SSL_CTX *s, long t)
 {
 long l;
-- cgit v1.2.3
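Review bot: SSL_SESSION_is_resumable() dereferences `s` unconditionally and has no contract comment, so a caller cannot tell from the code whether NULL is allowed or what a return of 1 actually guarantees. The test covers only `not_resumable`, `session_id_length` and `ext.ticklen`; nothing in the hunk looks at the session's age, so an expired session would presumably still be reported as resumable. I would state this above the function, e.g. `/* Returns 1 if s has a session ID or ticket and is not flagged not_resumable, 0 otherwise; s must be non-NULL and expiry is not checked. */`. Applications that cache sessions then know to apply their own lifetime check with SSL_SESSION_get_time() and SSL_SESSION_get_timeout() before offering one for resumption.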