New function SSL_renegotiate_pending().
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
This commit is contained in:
Bodo Möller
parent
c404ff7955
commit
6b0e9facf4
16
CHANGES
16
CHANGES
@ -12,6 +12,22 @@
|
|||||||
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
|
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
|
||||||
+) applies to 0.9.7 only
|
+) applies to 0.9.7 only
|
||||||
|
|
||||||
|
+) New function SSL_renegotiate_pending(). This returns true once
|
||||||
|
renegotiation has been requested (either SSL_renegotiate() call
|
||||||
|
or HelloRequest/ClientHello receveived from the peer) and becomes
|
||||||
|
false once a handshake has been completed.
|
||||||
|
(For servers, SSL_renegotiate() followed by SSL_do_handshake()
|
||||||
|
sends a HelloRequest, but does not ensure that a handshake takes
|
||||||
|
place. SSL_renegotiate_pending() is useful for checking if the
|
||||||
|
client has followed the request.)
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
+) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
|
||||||
|
By default, clients may request session resumption even during
|
||||||
|
renegotiation (if session ID contexts permit); with this option,
|
||||||
|
session resumption is possible only in the first handshake.
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
*) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer()
|
*) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer()
|
||||||
when just sending a HelloRequest as this could interfere with
|
when just sending a HelloRequest as this could interfere with
|
||||||
application data writes (and is totally unnecessary).
|
application data writes (and is totally unnecessary).
|
||||||
|
|||||||
@ -524,7 +524,9 @@ int ssl3_accept(SSL *s)
|
|||||||
/* remove buffering on output */
|
/* remove buffering on output */
|
||||||
ssl_free_wbio_buffer(s);
|
ssl_free_wbio_buffer(s);
|
||||||
|
|
||||||
s->new_session=0;
|
if (s->new_session == 2)
|
||||||
|
s->new_session=0;
|
||||||
|
/* if s->new_session is still 1, we have only sent a HelloRequest */
|
||||||
s->init_num=0;
|
s->init_num=0;
|
||||||
|
|
||||||
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
|
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
|
||||||
@ -673,7 +675,15 @@ static int ssl3_get_client_hello(SSL *s)
|
|||||||
j= *(p++);
|
j= *(p++);
|
||||||
|
|
||||||
s->hit=0;
|
s->hit=0;
|
||||||
if (j == 0)
|
/* Versions before 0.9.7 always allow session reuse during renegotiation
|
||||||
|
* (i.e. when s->new_session is true), option
|
||||||
|
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
|
||||||
|
* Maybe this optional behaviour should always have been the default,
|
||||||
|
* but we cannot safely change the default behaviour (or new applications
|
||||||
|
* might be written that become totally unsecure when compiled with
|
||||||
|
* an earlier library version)
|
||||||
|
*/
|
||||||
|
if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
|
||||||
{
|
{
|
||||||
if (!ssl_get_new_session(s,1))
|
if (!ssl_get_new_session(s,1))
|
||||||
goto err;
|
goto err;
|
||||||
@ -694,6 +704,11 @@ static int ssl3_get_client_hello(SSL *s)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (s->new_session)
|
||||||
|
/* actually not necessarily a 'new' section unless
|
||||||
|
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
|
||||||
|
s->new_session = 2;
|
||||||
|
|
||||||
p+=j;
|
p+=j;
|
||||||
n2s(p,i);
|
n2s(p,i);
|
||||||
if ((i == 0) && (j != 0))
|
if ((i == 0) && (j != 0))
|
||||||
|
|||||||
12
ssl/ssl.h
12
ssl/ssl.h
@ -335,7 +335,8 @@ typedef struct ssl_session_st
|
|||||||
|
|
||||||
/* If set, always create a new key when using tmp_dh parameters */
|
/* If set, always create a new key when using tmp_dh parameters */
|
||||||
#define SSL_OP_SINGLE_DH_USE 0x00100000L
|
#define SSL_OP_SINGLE_DH_USE 0x00100000L
|
||||||
/* Set to also use the tmp_rsa key when doing RSA operations. */
|
/* Set to always use the tmp_rsa key when doing RSA operations,
|
||||||
|
* even when this violates protocol specs */
|
||||||
#define SSL_OP_EPHEMERAL_RSA 0x00200000L
|
#define SSL_OP_EPHEMERAL_RSA 0x00200000L
|
||||||
/* Set on servers to choose the cipher according to the server's
|
/* Set on servers to choose the cipher according to the server's
|
||||||
* preferences */
|
* preferences */
|
||||||
@ -345,6 +346,8 @@ typedef struct ssl_session_st
|
|||||||
* (version 3.1) was announced in the client hello. Normally this is
|
* (version 3.1) was announced in the client hello. Normally this is
|
||||||
* forbidden to prevent version rollback attacks. */
|
* forbidden to prevent version rollback attacks. */
|
||||||
#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
|
#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
|
||||||
|
/* As server, disallow session resumption on renegotiation */
|
||||||
|
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L
|
||||||
|
|
||||||
/* The next flag deliberately changes the ciphertest, this is a check
|
/* The next flag deliberately changes the ciphertest, this is a check
|
||||||
* for the PKCS#1 attack */
|
* for the PKCS#1 attack */
|
||||||
@ -640,7 +643,11 @@ struct ssl_st
|
|||||||
|
|
||||||
int server; /* are we the server side? - mostly used by SSL_clear*/
|
int server; /* are we the server side? - mostly used by SSL_clear*/
|
||||||
|
|
||||||
int new_session;/* 1 if we are to use a new session */
|
int new_session;/* 1 if we are to use a new session,
|
||||||
|
* (sometimes 2 after a new session has in fact been assigned).
|
||||||
|
* NB: For servers, the 'new' session may actually be a previously
|
||||||
|
* cached session or even the previous session unless
|
||||||
|
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
|
||||||
int quiet_shutdown;/* don't send shutdown packets */
|
int quiet_shutdown;/* don't send shutdown packets */
|
||||||
int shutdown; /* we have shut things down, 0x01 sent, 0x02
|
int shutdown; /* we have shut things down, 0x01 sent, 0x02
|
||||||
* for received */
|
* for received */
|
||||||
@ -1157,6 +1164,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
|
|||||||
|
|
||||||
int SSL_do_handshake(SSL *s);
|
int SSL_do_handshake(SSL *s);
|
||||||
int SSL_renegotiate(SSL *s);
|
int SSL_renegotiate(SSL *s);
|
||||||
|
int SSL_renegotiate_pending(SSL *s);
|
||||||
int SSL_shutdown(SSL *s);
|
int SSL_shutdown(SSL *s);
|
||||||
|
|
||||||
SSL_METHOD *SSL_get_ssl_method(SSL *s);
|
SSL_METHOD *SSL_get_ssl_method(SSL *s);
|
||||||
|
|||||||
@ -836,6 +836,13 @@ int SSL_renegotiate(SSL *s)
|
|||||||
return(s->method->ssl_renegotiate(s));
|
return(s->method->ssl_renegotiate(s));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int SSL_renegotiate_pending(SSL *s)
|
||||||
|
{
|
||||||
|
/* becomes true when negotiation is requested;
|
||||||
|
* false again once a handshake has finished */
|
||||||
|
return (s->new_session != 0);
|
||||||
|
}
|
||||||
|
|
||||||
long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
|
long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
|
||||||
{
|
{
|
||||||
long l;
|
long l;
|
||||||
|
|||||||
@ -212,3 +212,4 @@ kssl_ctx_free 261 EXIST::FUNCTION:KRB5
|
|||||||
kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5
|
kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5
|
||||||
kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5
|
kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5
|
||||||
SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION:
|
SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION:
|
||||||
|
SSL_renegotiate_pending 265 EXIST::FUNCTION:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user