New function SSL_CTX_set_session_id_context.

Submitted by: Reviewed by: PR:

New function SSL_CTX_set_session_id_context.
Submitted by: Reviewed by: PR:
4eb77b26 · Bodo Möller · 81c8ee09 · 4eb77b26 · 4eb77b26 · 4eb77b26
隐藏空白更改
内联并排

Showing with 28 addition and 0 deletion

CHANGES CHANGES +5 -0

ssl/ssl.h ssl/ssl.h +6 -0

ssl/ssl_err.c ssl/ssl_err.c +1 -0

ssl/ssl_lib.c ssl/ssl_lib.c +16 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@

 Changes between 0.9.2b and 0.9.3

+  *) New function SSL_CTX_set_session_id_context that allows to set a default
+     value (so that you don't need SSL_set_session_id_context for each connection
+     using the SSL_CTX).
+     [Bodo Moeller]
+
  *) OAEP decoding bug fix.
     [Ulf Möller]


--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -394,6 +394,8 @@ struct ssl_ctx_st
 /**/	struct cert_st /* CERT */ *default_cert;
 /**/	int read_ahead;
 /**/	int verify_mode;
+/**/	unsigned int sid_ctx_length;
+/**/	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 /**/	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);

 	/* Default password callback. */
@@ -929,6 +931,9 @@ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
 int SSL_CTX_check_private_key(SSL_CTX *ctx);
 int SSL_check_private_key(SSL *ctx);

+int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+				       unsigned int sid_ctx_len);
+
 SSL *	SSL_new(SSL_CTX *ctx);
 int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
 				   unsigned int sid_ctx_len);
@@ -1153,6 +1158,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_CREATE_CIPHER_LIST			 166
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
 #define SSL_F_SSL_CTX_NEW				 169
+#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
 #define SSL_F_SSL_CTX_USE_CERTIFICATE			 171
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172

--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0),	"SSL_CREATE_CIPHER_LIST"},
 {ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0),	"SSL_CTX_check_private_key"},
 {ERR_PACK(0,SSL_F_SSL_CTX_NEW,0),	"SSL_CTX_new"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0),	"SSL_CTX_set_session_id_context"},
 {ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0),	"SSL_CTX_set_ssl_version"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0),	"SSL_CTX_use_certificate"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0),	"SSL_CTX_use_certificate_ASN1"},

--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -186,6 +186,8 @@ SSL *SSL_new(SSL_CTX *ctx)
 		}
 	else
 		s->cert=NULL;
+	s->sid_ctx_length=ctx->sid_ctx_length;
+	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
 	s->verify_mode=ctx->verify_mode;
 	s->verify_callback=ctx->default_verify_callback;
 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
@@ -216,6 +218,20 @@ err:
 	return(NULL);
 	}

+int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+				   unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+	{
+	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+	return 0;
+	}
+    ctx->sid_ctx_length=sid_ctx_len;
+    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
 int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
 			       unsigned int sid_ctx_len)
    {