- Added simple SSL session cache implementation
- Revamped session resumption handling
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 570785f..b44af2b 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -111,9 +111,8 @@
*/
n = ssl->session_negotiate->length;
- if( n < 16 || n > 32 || ssl->resume == 0 ||
- ( ssl->timeout != 0 &&
- t - ssl->session_negotiate->start > ssl->timeout ) )
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE || n < 16 || n > 32 ||
+ ssl->handshake->resume == 0 )
n = 0;
*p++ = (unsigned char) n;
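Review bot: The rewritten condition before `n = 0;` drops the session-lifetime test, so the client now offers a stored session id for resumption no matter how old it is. If expiry is enforced elsewhere in this commit, a short comment here should say where. Otherwise keep the clause, e.g. `|| ( ssl->timeout != 0 && t - ssl->session_negotiate->start > ssl->timeout )`. Whether `ssl->timeout` and `t` are still available at this point is not visible in the hunk, and the enclosing function starts and ends outside it.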
@@ -473,14 +472,15 @@
/*
* Check if the session can be resumed
*/
- if( ssl->resume == 0 || n == 0 ||
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
+ ssl->handshake->resume == 0 || n == 0 ||
ssl->session_negotiate->ciphersuite != i ||
ssl->session_negotiate->compression != comp ||
ssl->session_negotiate->length != n ||
memcmp( ssl->session_negotiate->id, buf + 39, n ) != 0 )
{
ssl->state++;
- ssl->resume = 0;
+ ssl->handshake->resume = 0;
ssl->session_negotiate->start = time( NULL );
ssl->session_negotiate->ciphersuite = i;
ssl->session_negotiate->compression = comp;
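Review bot: The resumption test compares the server's id against the stored `ssl->session_negotiate->length`, while the ClientHello hunk only clears its local `n` when the stored id is outside 16..32 bytes, so an id that was never offered can still be accepted as a match here. Mirroring the range check keeps the two sides consistent: `ssl->handshake->resume == 0 || n < 16 || n > 32 ||` in place of the `n == 0` test. Whether such a stored length can occur depends on how the session is populated, which this hunk does not show. The comment above the condition could also state that a renegotiation always takes the full-handshake path. The function body continues outside the hunk.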
@@ -499,7 +499,7 @@
}
SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
- ssl->resume ? "a" : "no" ) );
+ ssl->handshake->resume ? "a" : "no" ) );
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) );