generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow TLS tickets and session ID to both be present if lifetime hint is -1.

Browse Source 
This never happens in normal SSL sessions but can be useful if the session
is being used as a "blob" to contain other data.
This commit is contained in:
Dr. Stephen Henson 2007-10-17 11:27:25 +00:00
parent 225aeb171e
commit 7c717aafc6
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ssl/ssl_asn1.c
View File

@ -200,12 +200,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
a.tlsext_tick.type=V_ASN1_OCTET_STRING; a.tlsext_tick.type=V_ASN1_OCTET_STRING;
a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
/* If we have a ticket set session ID to empty because /* If we have a ticket set session ID to empty because
* it will be bogus. * it will be bogus. If liftime hint is -1 treat as a special
* case because the session is being used as a container
*/ */
if (in->tlsext_ticklen) if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1))
a.session_id.length=0; a.session_id.length=0;
} }
if (in->tlsext_tick_lifetime_hint != 0) if (in->tlsext_tick_lifetime_hint > 0)
{ {
a.tlsext_tick_lifetime.length=LSIZE2; a.tlsext_tick_lifetime.length=LSIZE2;
a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
@ -235,7 +236,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (in->tlsext_tick_lifetime_hint) if (in->tlsext_tick_lifetime_hint > 0)
M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
if (in->tlsext_tick) if (in->tlsext_tick)
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
@ -268,7 +269,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (in->tlsext_hostname) if (in->tlsext_hostname)
M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
if (in->tlsext_tick_lifetime_hint) if (in->tlsext_tick_lifetime_hint > 0)
M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
if (in->tlsext_tick) if (in->tlsext_tick)
M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
@ -464,8 +465,10 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
} }
else if (ret->tlsext_ticklen && ret->session_id_length)
ret->tlsext_tick_lifetime_hint = -1;
else else
ret->tlsext_tick_lifetime_hint=0; ret->tlsext_tick_lifetime_hint = 0;
os.length=0; os.length=0;
os.data=NULL; os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);