tls: add session resumption setter (baresip#1091)
maximilianfridrich authored Mar 25, 2024
1 parent 5716786 commit c8ec56b
Showing 2 changed files with 50 additions and 0 deletions.
8 changes: 8 additions & 0 deletions include/re_tls.h
Expand Up @@ -28,6 +28,13 @@ enum tls_keytype {
TLS_KEYTYPE_EC,
};

enum tls_resume_mode {
TLS_RESUMPTION_NONE = 0,
TLS_RESUMPTION_IDS = (1 << 0),
TLS_RESUMPTION_TICKETS = (1 << 1),
TLS_RESUMPTION_ALL = TLS_RESUMPTION_IDS | TLS_RESUMPTION_TICKETS,
};

struct tls_conn_d {
int (*verifyh) (int ok, void *arg);
void *arg;
Expand Down Expand Up @@ -75,6 +82,7 @@ int tls_get_issuer(struct tls *tls, struct mbuf *mb);
int tls_get_subject(struct tls *tls, struct mbuf *mb);
void tls_disable_verify_server(struct tls *tls);
void tls_enable_verify_client(struct tls *tls, bool enable);
int tls_set_resumption(struct tls *tls, const enum tls_resume_mode mode);

int tls_set_min_proto_version(struct tls *tls, int version);
int tls_set_max_proto_version(struct tls *tls, int version);
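Review bot: The new prototype `int tls_set_resumption(struct tls *tls, const enum tls_resume_mode mode);` in the second hunk qualifies a by-value parameter with `const`; in a header that qualifier is a definition-side detail that does not change the function type or anything a caller sees, and none of the neighbouring prototypes use it, so `int tls_set_resumption(struct tls *tls, enum tls_resume_mode mode);` would match the surrounding style. The `enum tls_resume_mode` in the first hunk also lands without a doc comment; a short one above it, saying that `TLS_RESUMPTION_IDS` enables the server-side session-ID cache and `TLS_RESUMPTION_TICKETS` enables session tickets (which is what the tls.c change on this page does with them), would tell API users which resumption mechanism, and which side of the connection, each flag controls. Both hunks are excerpts of a header whose surrounding declarations lie outside the view.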
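--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@@ -2190,3 +2190,45 @@ int tls_verify_client_post_handshake(struct tls_conn *tc)
 
 return err;
 }
+
+
+/**
+* Set TLS session resumption mode
+*
+* @param tls TLS Object
+* @param mode TLS session resumption mode
+*
+* @return 0 if success, otherwise errorcode
+*/
+int tls_set_resumption(struct tls *tls, const enum tls_resume_mode mode)
+{
+long ok = 1;
+
+if (!tls)
+return EINVAL;
+
+if (mode & TLS_RESUMPTION_IDS) {
+ok = SSL_CTX_set_session_cache_mode(tls->ctx,
+SSL_SESS_CACHE_SERVER);
+}
+else {
+ok = SSL_CTX_set_session_cache_mode(tls->ctx,
+SSL_SESS_CACHE_OFF);
+}
+
+if (mode & TLS_RESUMPTION_TICKETS) {
+ok |= SSL_CTX_clear_options(tls->ctx, SSL_OP_NO_TICKET);
+ok |= SSL_CTX_set_num_tickets(tls->ctx, 2);
+}
+else {
+ok |= SSL_CTX_set_options(tls->ctx, SSL_OP_NO_TICKET);
+ok |= SSL_CTX_set_num_tickets(tls->ctx, 0);
+}
+
+if (!ok) {
+ERR_clear_error();
+return EFAULT;
+}
+
+return 0;
+}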
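Review bot: The `ok` aggregation in `tls_set_resumption` cannot report a failed `SSL_CTX_set_num_tickets()`: `SSL_CTX_set_session_cache_mode()` returns the previous cache mode and `SSL_CTX_set_options()`/`SSL_CTX_clear_options()` return the resulting option bitmask, neither of which is a success flag, so OR-ing them into `ok` leaves it non-zero even when `SSL_CTX_set_num_tickets()` returns 0 (its only error signal), and the `EFAULT` branch is only reached if all three values happen to be zero at once. The caller therefore gets 0 back while the ticket configuration, and with it the resumption behaviour, may not be what `mode` requested. The fix is to ignore the return values that carry no status and test only `SSL_CTX_set_num_tickets()`, which also lets the two branches collapse; the rewrite below keeps the doc header and the `EINVAL` guard as they are. If the project's build matrix still includes OpenSSL releases without `SSL_CTX_set_num_tickets()` (it appeared in 1.1.1) or LibreSSL, this call would also need a version guard — worth confirming against the supported versions.

```c
int tls_set_resumption(struct tls *tls, const enum tls_resume_mode mode)
{
	if (!tls)
		return EINVAL;

	/* Returns the previous cache mode, not a success flag */
	SSL_CTX_set_session_cache_mode(tls->ctx,
				       (mode & TLS_RESUMPTION_IDS)
				       ? SSL_SESS_CACHE_SERVER
				       : SSL_SESS_CACHE_OFF);

	/* set/clear_options return the new option mask, not a status */
	if (mode & TLS_RESUMPTION_TICKETS)
		SSL_CTX_clear_options(tls->ctx, SSL_OP_NO_TICKET);
	else
		SSL_CTX_set_options(tls->ctx, SSL_OP_NO_TICKET);

	/* Only this call reports failure (returns 0) */
	if (!SSL_CTX_set_num_tickets(tls->ctx,
				     (mode & TLS_RESUMPTION_TICKETS) ? 2 : 0)) {
		ERR_clear_error();
		return EFAULT;
	}

	return 0;
}
```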