diff options
| author | beck <> | 1999-09-29 04:37:45 +0000 |
|---|---|---|
| committer | beck <> | 1999-09-29 04:37:45 +0000 |
| commit | de8f24ea083384bb66b32ec105dc4743c5663cdf (patch) | |
| tree | 1412176ae62a3cab2cf2b0b92150fcbceaac6092 /src/lib/libssl/ssl_sess.c | |
| parent | cb929d29896bcb87c2a97417fbd03e50078fc178 (diff) | |
| download | openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.gz openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.bz2 openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.zip | |
OpenSSL 0.9.4 merge
Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 257 |
1 files changed, 156 insertions, 101 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 8212600e40..681499f08a 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -57,56 +57,41 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "lhash.h" | 60 | #include <openssl/lhash.h> |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 63 | 63 | ||
| 64 | #ifndef NOPROTO | ||
| 65 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | 64 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); |
| 66 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | 65 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); |
| 67 | #else | 66 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); |
| 68 | static void SSL_SESSION_list_remove(); | 67 | static int ssl_session_num=0; |
| 69 | static void SSL_SESSION_list_add(); | ||
| 70 | #endif | ||
| 71 | |||
| 72 | static ssl_session_num=0; | ||
| 73 | static STACK *ssl_session_meth=NULL; | 68 | static STACK *ssl_session_meth=NULL; |
| 74 | 69 | ||
| 75 | SSL_SESSION *SSL_get_session(ssl) | 70 | SSL_SESSION *SSL_get_session(SSL *ssl) |
| 76 | SSL *ssl; | ||
| 77 | { | 71 | { |
| 78 | return(ssl->session); | 72 | return(ssl->session); |
| 79 | } | 73 | } |
| 80 | 74 | ||
| 81 | int SSL_SESSION_get_ex_new_index(argl,argp,new_func,dup_func,free_func) | 75 | int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(), |
| 82 | long argl; | 76 | int (*dup_func)(), void (*free_func)()) |
| 83 | char *argp; | 77 | { |
| 84 | int (*new_func)(); | 78 | ssl_session_num++; |
| 85 | int (*dup_func)(); | 79 | return(CRYPTO_get_ex_new_index(ssl_session_num-1, |
| 86 | void (*free_func)(); | ||
| 87 | { | ||
| 88 | ssl_session_num++; | ||
| 89 | return(CRYPTO_get_ex_new_index(ssl_session_num-1, | ||
| 90 | &ssl_session_meth, | 80 | &ssl_session_meth, |
| 91 | argl,argp,new_func,dup_func,free_func)); | 81 | argl,argp,new_func,dup_func,free_func)); |
| 92 | } | 82 | } |
| 93 | 83 | ||
| 94 | int SSL_SESSION_set_ex_data(s,idx,arg) | 84 | int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) |
| 95 | SSL_SESSION *s; | ||
| 96 | int idx; | ||
| 97 | char *arg; | ||
| 98 | { | 85 | { |
| 99 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 86 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); |
| 100 | } | 87 | } |
| 101 | 88 | ||
| 102 | char *SSL_SESSION_get_ex_data(s,idx) | 89 | void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx) |
| 103 | SSL_SESSION *s; | ||
| 104 | int idx; | ||
| 105 | { | 90 | { |
| 106 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 91 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); |
| 107 | } | 92 | } |
| 108 | 93 | ||
| 109 | SSL_SESSION *SSL_SESSION_new() | 94 | SSL_SESSION *SSL_SESSION_new(void) |
| 110 | { | 95 | { |
| 111 | SSL_SESSION *ss; | 96 | SSL_SESSION *ss; |
| 112 | 97 | ||
| @@ -123,21 +108,24 @@ SSL_SESSION *SSL_SESSION_new() | |||
| 123 | ss->time=time(NULL); | 108 | ss->time=time(NULL); |
| 124 | ss->prev=NULL; | 109 | ss->prev=NULL; |
| 125 | ss->next=NULL; | 110 | ss->next=NULL; |
| 111 | ss->compress_meth=0; | ||
| 126 | CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data); | 112 | CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data); |
| 127 | return(ss); | 113 | return(ss); |
| 128 | } | 114 | } |
| 129 | 115 | ||
| 130 | int ssl_get_new_session(s, session) | 116 | int ssl_get_new_session(SSL *s, int session) |
| 131 | SSL *s; | ||
| 132 | int session; | ||
| 133 | { | 117 | { |
| 118 | /* This gets used by clients and servers. */ | ||
| 119 | |||
| 134 | SSL_SESSION *ss=NULL; | 120 | SSL_SESSION *ss=NULL; |
| 135 | 121 | ||
| 136 | if ((ss=SSL_SESSION_new()) == NULL) return(0); | 122 | if ((ss=SSL_SESSION_new()) == NULL) return(0); |
| 137 | 123 | ||
| 138 | /* If the context has a default timeout, use it */ | 124 | /* If the context has a default timeout, use it */ |
| 139 | if (s->ctx->session_timeout != 0) | 125 | if (s->ctx->session_timeout == 0) |
| 140 | ss->timeout=SSL_get_default_timeout(s); | 126 | ss->timeout=SSL_get_default_timeout(s); |
| 127 | else | ||
| 128 | ss->timeout=s->ctx->session_timeout; | ||
| 141 | 129 | ||
| 142 | if (s->session != NULL) | 130 | if (s->session != NULL) |
| 143 | { | 131 | { |
| @@ -147,7 +135,7 @@ int session; | |||
| 147 | 135 | ||
| 148 | if (session) | 136 | if (session) |
| 149 | { | 137 | { |
| 150 | if (s->version == SSL2_CLIENT_VERSION) | 138 | if (s->version == SSL2_VERSION) |
| 151 | { | 139 | { |
| 152 | ss->ssl_version=SSL2_VERSION; | 140 | ss->ssl_version=SSL2_VERSION; |
| 153 | ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; | 141 | ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; |
| @@ -180,6 +168,8 @@ int session; | |||
| 180 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 168 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 181 | if (r == NULL) break; | 169 | if (r == NULL) break; |
| 182 | /* else - woops a session_id match */ | 170 | /* else - woops a session_id match */ |
| 171 | /* XXX should also check external cache! | ||
| 172 | * (But the probability of a collision is negligible, anyway...) */ | ||
| 183 | } | 173 | } |
| 184 | } | 174 | } |
| 185 | else | 175 | else |
| @@ -187,58 +177,100 @@ int session; | |||
| 187 | ss->session_id_length=0; | 177 | ss->session_id_length=0; |
| 188 | } | 178 | } |
| 189 | 179 | ||
| 180 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | ||
| 181 | ss->sid_ctx_length=s->sid_ctx_length; | ||
| 190 | s->session=ss; | 182 | s->session=ss; |
| 191 | ss->ssl_version=s->version; | 183 | ss->ssl_version=s->version; |
| 192 | 184 | ||
| 193 | return(1); | 185 | return(1); |
| 194 | } | 186 | } |
| 195 | 187 | ||
| 196 | int ssl_get_prev_session(s,session_id,len) | 188 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) |
| 197 | SSL *s; | ||
| 198 | unsigned char *session_id; | ||
| 199 | int len; | ||
| 200 | { | 189 | { |
| 190 | /* This is used only by servers. */ | ||
| 191 | |||
| 201 | SSL_SESSION *ret=NULL,data; | 192 | SSL_SESSION *ret=NULL,data; |
| 193 | int fatal = 0; | ||
| 202 | 194 | ||
| 203 | /* conn_init();*/ | 195 | /* conn_init();*/ |
| 204 | data.ssl_version=s->version; | 196 | data.ssl_version=s->version; |
| 205 | data.session_id_length=len; | 197 | data.session_id_length=len; |
| 206 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) | 198 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) |
| 207 | return(0); | 199 | goto err; |
| 208 | memcpy(data.session_id,session_id,len);; | 200 | memcpy(data.session_id,session_id,len); |
| 209 | 201 | ||
| 210 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | 202 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) |
| 211 | { | 203 | { |
| 212 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 204 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 213 | ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data); | 205 | ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data); |
| 206 | if (ret != NULL) | ||
| 207 | /* don't allow other threads to steal it: */ | ||
| 208 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
| 214 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 209 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 215 | } | 210 | } |
| 216 | 211 | ||
| 217 | if (ret == NULL) | 212 | if (ret == NULL) |
| 218 | { | 213 | { |
| 219 | int copy=1; | 214 | int copy=1; |
| 220 | 215 | ||
| 221 | s->ctx->sess_miss++; | 216 | s->ctx->stats.sess_miss++; |
| 222 | ret=NULL; | 217 | ret=NULL; |
| 223 | if ((s->ctx->get_session_cb != NULL) && | 218 | if (s->ctx->get_session_cb != NULL |
| 224 | ((ret=s->ctx->get_session_cb(s,session_id,len,©)) | 219 | && (ret=s->ctx->get_session_cb(s,session_id,len,©)) |
| 225 | != NULL)) | 220 | != NULL) |
| 226 | { | 221 | { |
| 227 | s->ctx->sess_cb_hit++; | 222 | s->ctx->stats.sess_cb_hit++; |
| 223 | |||
| 224 | /* Increment reference count now if the session callback | ||
| 225 | * asks us to do so (note that if the session structures | ||
| 226 | * returned by the callback are shared between threads, | ||
| 227 | * it must handle the reference count itself [i.e. copy == 0], | ||
| 228 | * or things won't be thread-safe). */ | ||
| 229 | if (copy) | ||
| 230 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
| 228 | 231 | ||
| 229 | /* The following should not return 1, otherwise, | 232 | /* The following should not return 1, otherwise, |
| 230 | * things are very strange */ | 233 | * things are very strange */ |
| 231 | SSL_CTX_add_session(s->ctx,ret); | 234 | SSL_CTX_add_session(s->ctx,ret); |
| 232 | /* auto free it */ | ||
| 233 | if (!copy) | ||
| 234 | SSL_SESSION_free(ret); | ||
| 235 | } | 235 | } |
| 236 | if (ret == NULL) return(0); | 236 | if (ret == NULL) |
| 237 | goto err; | ||
| 238 | } | ||
| 239 | |||
| 240 | /* Now ret is non-NULL, and we own one of its reference counts. */ | ||
| 241 | |||
| 242 | if((s->verify_mode&SSL_VERIFY_PEER) | ||
| 243 | && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length | ||
| 244 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) | ||
| 245 | { | ||
| 246 | /* We've found the session named by the client, but we don't | ||
| 247 | * want to use it in this context. */ | ||
| 248 | |||
| 249 | if (s->sid_ctx_length == 0) | ||
| 250 | { | ||
| 251 | /* application should have used SSL[_CTX]_set_session_id_context | ||
| 252 | * -- we could tolerate this and just pretend we never heard | ||
| 253 | * of this session, but then applications could effectively | ||
| 254 | * disable the session cache by accident without anyone noticing */ | ||
| 255 | |||
| 256 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | ||
| 257 | fatal = 1; | ||
| 258 | goto err; | ||
| 259 | } | ||
| 260 | else | ||
| 261 | { | ||
| 262 | #if 0 /* The client cannot always know when a session is not appropriate, | ||
| 263 | * so we shouldn't generate an error message. */ | ||
| 264 | |||
| 265 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | ||
| 266 | #endif | ||
| 267 | goto err; /* treat like cache miss */ | ||
| 268 | } | ||
| 237 | } | 269 | } |
| 238 | 270 | ||
| 239 | if (ret->cipher == NULL) | 271 | if (ret->cipher == NULL) |
| 240 | { | 272 | { |
| 241 | char buf[5],*p; | 273 | unsigned char buf[5],*p; |
| 242 | unsigned long l; | 274 | unsigned long l; |
| 243 | 275 | ||
| 244 | p=buf; | 276 | p=buf; |
| @@ -249,25 +281,28 @@ int len; | |||
| 249 | else | 281 | else |
| 250 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); | 282 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); |
| 251 | if (ret->cipher == NULL) | 283 | if (ret->cipher == NULL) |
| 252 | return(0); | 284 | goto err; |
| 253 | } | 285 | } |
| 254 | 286 | ||
| 287 | |||
| 288 | #if 0 /* This is way too late. */ | ||
| 289 | |||
| 255 | /* If a thread got the session, then 'swaped', and another got | 290 | /* If a thread got the session, then 'swaped', and another got |
| 256 | * it and then due to a time-out decided to 'Free' it we could | 291 | * it and then due to a time-out decided to 'Free' it we could |
| 257 | * be in trouble. So I'll increment it now, then double decrement | 292 | * be in trouble. So I'll increment it now, then double decrement |
| 258 | * later - am I speaking rubbish?. */ | 293 | * later - am I speaking rubbish?. */ |
| 259 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 294 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); |
| 295 | #endif | ||
| 260 | 296 | ||
| 261 | if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */ | 297 | if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */ |
| 262 | { | 298 | { |
| 263 | s->ctx->sess_timeout++; | 299 | s->ctx->stats.sess_timeout++; |
| 264 | /* remove it from the cache */ | 300 | /* remove it from the cache */ |
| 265 | SSL_CTX_remove_session(s->ctx,ret); | 301 | SSL_CTX_remove_session(s->ctx,ret); |
| 266 | SSL_SESSION_free(ret); /* again to actually Free it */ | 302 | goto err; |
| 267 | return(0); | ||
| 268 | } | 303 | } |
| 269 | 304 | ||
| 270 | s->ctx->sess_hit++; | 305 | s->ctx->stats.sess_hit++; |
| 271 | 306 | ||
| 272 | /* ret->time=time(NULL); */ /* rezero timeout? */ | 307 | /* ret->time=time(NULL); */ /* rezero timeout? */ |
| 273 | /* again, just leave the session | 308 | /* again, just leave the session |
| @@ -277,11 +312,17 @@ int len; | |||
| 277 | SSL_SESSION_free(s->session); | 312 | SSL_SESSION_free(s->session); |
| 278 | s->session=ret; | 313 | s->session=ret; |
| 279 | return(1); | 314 | return(1); |
| 315 | |||
| 316 | err: | ||
| 317 | if (ret != NULL) | ||
| 318 | SSL_SESSION_free(ret); | ||
| 319 | if (fatal) | ||
| 320 | return -1; | ||
| 321 | else | ||
| 322 | return 0; | ||
| 280 | } | 323 | } |
| 281 | 324 | ||
| 282 | int SSL_CTX_add_session(ctx,c) | 325 | int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) |
| 283 | SSL_CTX *ctx; | ||
| 284 | SSL_SESSION *c; | ||
| 285 | { | 326 | { |
| 286 | int ret=0; | 327 | int ret=0; |
| 287 | SSL_SESSION *s; | 328 | SSL_SESSION *s; |
| @@ -314,11 +355,11 @@ SSL_SESSION *c; | |||
| 314 | while (SSL_CTX_sess_number(ctx) > | 355 | while (SSL_CTX_sess_number(ctx) > |
| 315 | SSL_CTX_sess_get_cache_size(ctx)) | 356 | SSL_CTX_sess_get_cache_size(ctx)) |
| 316 | { | 357 | { |
| 317 | if (!SSL_CTX_remove_session(ctx, | 358 | if (!remove_session_lock(ctx, |
| 318 | ctx->session_cache_tail)) | 359 | ctx->session_cache_tail, 0)) |
| 319 | break; | 360 | break; |
| 320 | else | 361 | else |
| 321 | ctx->sess_cache_full++; | 362 | ctx->stats.sess_cache_full++; |
| 322 | } | 363 | } |
| 323 | } | 364 | } |
| 324 | } | 365 | } |
| @@ -326,16 +367,19 @@ SSL_SESSION *c; | |||
| 326 | return(ret); | 367 | return(ret); |
| 327 | } | 368 | } |
| 328 | 369 | ||
| 329 | int SSL_CTX_remove_session(ctx,c) | 370 | int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) |
| 330 | SSL_CTX *ctx; | 371 | { |
| 331 | SSL_SESSION *c; | 372 | return remove_session_lock(ctx, c, 1); |
| 373 | } | ||
| 374 | |||
| 375 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) | ||
| 332 | { | 376 | { |
| 333 | SSL_SESSION *r; | 377 | SSL_SESSION *r; |
| 334 | int ret=0; | 378 | int ret=0; |
| 335 | 379 | ||
| 336 | if ((c != NULL) && (c->session_id_length != 0)) | 380 | if ((c != NULL) && (c->session_id_length != 0)) |
| 337 | { | 381 | { |
| 338 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 382 | if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 339 | r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c); | 383 | r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c); |
| 340 | if (r != NULL) | 384 | if (r != NULL) |
| 341 | { | 385 | { |
| @@ -343,7 +387,7 @@ SSL_SESSION *c; | |||
| 343 | SSL_SESSION_list_remove(ctx,c); | 387 | SSL_SESSION_list_remove(ctx,c); |
| 344 | } | 388 | } |
| 345 | 389 | ||
| 346 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 390 | if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 347 | 391 | ||
| 348 | if (ret) | 392 | if (ret) |
| 349 | { | 393 | { |
| @@ -358,11 +402,13 @@ SSL_SESSION *c; | |||
| 358 | return(ret); | 402 | return(ret); |
| 359 | } | 403 | } |
| 360 | 404 | ||
| 361 | void SSL_SESSION_free(ss) | 405 | void SSL_SESSION_free(SSL_SESSION *ss) |
| 362 | SSL_SESSION *ss; | ||
| 363 | { | 406 | { |
| 364 | int i; | 407 | int i; |
| 365 | 408 | ||
| 409 | if(ss == NULL) | ||
| 410 | return; | ||
| 411 | |||
| 366 | i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); | 412 | i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); |
| 367 | #ifdef REF_PRINT | 413 | #ifdef REF_PRINT |
| 368 | REF_PRINT("SSL_SESSION",ss); | 414 | REF_PRINT("SSL_SESSION",ss); |
| @@ -381,16 +427,14 @@ SSL_SESSION *ss; | |||
| 381 | memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); | 427 | memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); |
| 382 | memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); | 428 | memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); |
| 383 | memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); | 429 | memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); |
| 384 | if (ss->cert != NULL) ssl_cert_free(ss->cert); | 430 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); |
| 385 | if (ss->peer != NULL) X509_free(ss->peer); | 431 | if (ss->peer != NULL) X509_free(ss->peer); |
| 386 | if (ss->ciphers != NULL) sk_free(ss->ciphers); | 432 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); |
| 387 | memset(ss,0,sizeof(*ss)); | 433 | memset(ss,0,sizeof(*ss)); |
| 388 | Free(ss); | 434 | Free(ss); |
| 389 | } | 435 | } |
| 390 | 436 | ||
| 391 | int SSL_set_session(s, session) | 437 | int SSL_set_session(SSL *s, SSL_SESSION *session) |
| 392 | SSL *s; | ||
| 393 | SSL_SESSION *session; | ||
| 394 | { | 438 | { |
| 395 | int ret=0; | 439 | int ret=0; |
| 396 | SSL_METHOD *meth; | 440 | SSL_METHOD *meth; |
| @@ -410,7 +454,10 @@ SSL_SESSION *session; | |||
| 410 | { | 454 | { |
| 411 | if (!SSL_set_ssl_method(s,meth)) | 455 | if (!SSL_set_ssl_method(s,meth)) |
| 412 | return(0); | 456 | return(0); |
| 413 | session->timeout=SSL_get_default_timeout(s); | 457 | if (s->ctx->session_timeout == 0) |
| 458 | session->timeout=SSL_get_default_timeout(s); | ||
| 459 | else | ||
| 460 | session->timeout=s->ctx->session_timeout; | ||
| 414 | } | 461 | } |
| 415 | 462 | ||
| 416 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ | 463 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ |
| @@ -428,42 +475,59 @@ SSL_SESSION *session; | |||
| 428 | SSL_SESSION_free(s->session); | 475 | SSL_SESSION_free(s->session); |
| 429 | s->session=NULL; | 476 | s->session=NULL; |
| 430 | } | 477 | } |
| 478 | |||
| 479 | meth=s->ctx->method; | ||
| 480 | if (meth != s->method) | ||
| 481 | { | ||
| 482 | if (!SSL_set_ssl_method(s,meth)) | ||
| 483 | return(0); | ||
| 484 | } | ||
| 485 | ret=1; | ||
| 431 | } | 486 | } |
| 432 | return(ret); | 487 | return(ret); |
| 433 | } | 488 | } |
| 434 | 489 | ||
| 435 | long SSL_SESSION_set_timeout(s,t) | 490 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) |
| 436 | SSL_SESSION *s; | ||
| 437 | long t; | ||
| 438 | { | 491 | { |
| 439 | if (s == NULL) return(0); | 492 | if (s == NULL) return(0); |
| 440 | s->timeout=t; | 493 | s->timeout=t; |
| 441 | return(1); | 494 | return(1); |
| 442 | } | 495 | } |
| 443 | 496 | ||
| 444 | long SSL_SESSION_get_timeout(s) | 497 | long SSL_SESSION_get_timeout(SSL_SESSION *s) |
| 445 | SSL_SESSION *s; | ||
| 446 | { | 498 | { |
| 447 | if (s == NULL) return(0); | 499 | if (s == NULL) return(0); |
| 448 | return(s->timeout); | 500 | return(s->timeout); |
| 449 | } | 501 | } |
| 450 | 502 | ||
| 451 | long SSL_SESSION_get_time(s) | 503 | long SSL_SESSION_get_time(SSL_SESSION *s) |
| 452 | SSL_SESSION *s; | ||
| 453 | { | 504 | { |
| 454 | if (s == NULL) return(0); | 505 | if (s == NULL) return(0); |
| 455 | return(s->time); | 506 | return(s->time); |
| 456 | } | 507 | } |
| 457 | 508 | ||
| 458 | long SSL_SESSION_set_time(s,t) | 509 | long SSL_SESSION_set_time(SSL_SESSION *s, long t) |
| 459 | SSL_SESSION *s; | ||
| 460 | long t; | ||
| 461 | { | 510 | { |
| 462 | if (s == NULL) return(0); | 511 | if (s == NULL) return(0); |
| 463 | s->time=t; | 512 | s->time=t; |
| 464 | return(t); | 513 | return(t); |
| 465 | } | 514 | } |
| 466 | 515 | ||
| 516 | long SSL_CTX_set_timeout(SSL_CTX *s, long t) | ||
| 517 | { | ||
| 518 | long l; | ||
| 519 | if (s == NULL) return(0); | ||
| 520 | l=s->session_timeout; | ||
| 521 | s->session_timeout=t; | ||
| 522 | return(l); | ||
| 523 | } | ||
| 524 | |||
| 525 | long SSL_CTX_get_timeout(SSL_CTX *s) | ||
| 526 | { | ||
| 527 | if (s == NULL) return(0); | ||
| 528 | return(s->session_timeout); | ||
| 529 | } | ||
| 530 | |||
| 467 | typedef struct timeout_param_st | 531 | typedef struct timeout_param_st |
| 468 | { | 532 | { |
| 469 | SSL_CTX *ctx; | 533 | SSL_CTX *ctx; |
| @@ -471,9 +535,7 @@ typedef struct timeout_param_st | |||
| 471 | LHASH *cache; | 535 | LHASH *cache; |
| 472 | } TIMEOUT_PARAM; | 536 | } TIMEOUT_PARAM; |
| 473 | 537 | ||
| 474 | static void timeout(s,p) | 538 | static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p) |
| 475 | SSL_SESSION *s; | ||
| 476 | TIMEOUT_PARAM *p; | ||
| 477 | { | 539 | { |
| 478 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ | 540 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ |
| 479 | { | 541 | { |
| @@ -488,15 +550,13 @@ TIMEOUT_PARAM *p; | |||
| 488 | } | 550 | } |
| 489 | } | 551 | } |
| 490 | 552 | ||
| 491 | void SSL_CTX_flush_sessions(s,t) | 553 | void SSL_CTX_flush_sessions(SSL_CTX *s, long t) |
| 492 | SSL_CTX *s; | ||
| 493 | long t; | ||
| 494 | { | 554 | { |
| 495 | unsigned long i; | 555 | unsigned long i; |
| 496 | TIMEOUT_PARAM tp; | 556 | TIMEOUT_PARAM tp; |
| 497 | 557 | ||
| 498 | tp.ctx=s; | 558 | tp.ctx=s; |
| 499 | tp.cache=SSL_CTX_sessions(s); | 559 | tp.cache=s->sessions; |
| 500 | if (tp.cache == NULL) return; | 560 | if (tp.cache == NULL) return; |
| 501 | tp.time=t; | 561 | tp.time=t; |
| 502 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 562 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| @@ -507,8 +567,7 @@ long t; | |||
| 507 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 567 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 508 | } | 568 | } |
| 509 | 569 | ||
| 510 | int ssl_clear_bad_session(s) | 570 | int ssl_clear_bad_session(SSL *s) |
| 511 | SSL *s; | ||
| 512 | { | 571 | { |
| 513 | if ( (s->session != NULL) && | 572 | if ( (s->session != NULL) && |
| 514 | !(s->shutdown & SSL_SENT_SHUTDOWN) && | 573 | !(s->shutdown & SSL_SENT_SHUTDOWN) && |
| @@ -522,9 +581,7 @@ SSL *s; | |||
| 522 | } | 581 | } |
| 523 | 582 | ||
| 524 | /* locked by SSL_CTX in the calling function */ | 583 | /* locked by SSL_CTX in the calling function */ |
| 525 | static void SSL_SESSION_list_remove(ctx,s) | 584 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) |
| 526 | SSL_CTX *ctx; | ||
| 527 | SSL_SESSION *s; | ||
| 528 | { | 585 | { |
| 529 | if ((s->next == NULL) || (s->prev == NULL)) return; | 586 | if ((s->next == NULL) || (s->prev == NULL)) return; |
| 530 | 587 | ||
| @@ -557,9 +614,7 @@ SSL_SESSION *s; | |||
| 557 | s->prev=s->next=NULL; | 614 | s->prev=s->next=NULL; |
| 558 | } | 615 | } |
| 559 | 616 | ||
| 560 | static void SSL_SESSION_list_add(ctx,s) | 617 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) |
| 561 | SSL_CTX *ctx; | ||
| 562 | SSL_SESSION *s; | ||
| 563 | { | 618 | { |
| 564 | if ((s->next != NULL) && (s->prev != NULL)) | 619 | if ((s->next != NULL) && (s->prev != NULL)) |
| 565 | SSL_SESSION_list_remove(ctx,s); | 620 | SSL_SESSION_list_remove(ctx,s); |