Make cookie timeout configurable
diff --git a/include/polarssl/ssl_cookie.h b/include/polarssl/ssl_cookie.h
index 7db00c2..9a71443 100644
--- a/include/polarssl/ssl_cookie.h
+++ b/include/polarssl/ssl_cookie.h
@@ -36,6 +36,9 @@
* Either change them in config.h or define them on the compiler command line.
* \{
*/
+#ifndef POLARSSL_SSL_COOKIE_TIMEOUT
+#define POLARSSL_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+#endif
/* \} name SECTION: Module settings */
@@ -48,10 +51,13 @@
*/
typedef struct
{
- md_context_t hmac_ctx; /*!< context for the HMAC portion */
+ md_context_t hmac_ctx; /*!< context for the HMAC portion */
#if !defined(POLARSSL_HAVE_TIME)
- unsigned long serial; /*!< serial number for expiration */
+ unsigned long serial; /*!< serial number for expiration */
#endif
+ unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME,
+ or in number of tickets issued */
+
} ssl_cookie_ctx;
/**
@@ -67,6 +73,17 @@
void *p_rng );
/**
+ * \brief Set expiration delay for cookies
+ * (Default POLARSSL_SSL_COOKIE_TIMEOUT)
+ *
+ * \param ctx Cookie contex
+ * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies
+ * issued in the meantime.
+ * 0 to disable expiration (NOT recommended)
+ */
+void ssl_cookie_set_timeout( ssl_cookie_ctx *ctx, unsigned long delay );
+
+/**
* \brief Free cookie context
*/
void ssl_cookie_free( ssl_cookie_ctx *ctx );