Add config MBEDTLS_SSL_SESSION_CACHE
Add configuration option MBEDTLS_SSL_SESSION_CACHE to control
enabling/disabling of the cache based session resumption.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 2116521..2a0bbfb 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1669,6 +1669,14 @@
#define MBEDTLS_SSL_SESSION_TICKETS
/**
+ * \def MBEDTLS_SSL_SESSION_CACHE
+ *
+ *
+ * Comment this macro to disable support for SSL session cache
+ */
+//#define MBEDTLS_SSL_SESSION_CACHE
+
+/**
* \def MBEDTLS_SSL_EXPORT_KEYS
*
* Enable support for exporting key block and master secret.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b517089..4471a24 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -906,11 +906,13 @@
int (*f_rng)(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */
+#if defined(MBEDTLS_SSL_SESSION_CACHE)
/** Callback to retrieve a session from the cache */
int (*f_get_cache)(void *, mbedtls_ssl_session *);
/** Callback to store a session into the cache */
int (*f_set_cache)(void *, const mbedtls_ssl_session *);
void *p_cache; /*!< context for cache callbacks */
+#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
@@ -2129,7 +2131,7 @@
void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
/**
* \brief Set the session cache callbacks (server-side only)
* If not set, no session resuming is done (except if session
@@ -2171,9 +2173,9 @@
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
-#endif /* MBEDTLS_SSL_SRV_C */
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
/**
* \brief Request resumption of session (client-side only)
* Session data is copied from presented session structure.
@@ -2189,7 +2191,7 @@
* \sa mbedtls_ssl_get_session()
*/
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
-#endif /* MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */
/**
* \brief Load serialized session data into a session structure.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ecde1b0..55a5976 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2637,6 +2637,7 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
+#if defined(MBEDTLS_SSL_SESSION_CACHE)
/*
* Resume is 0 by default, see ssl_handshake_init().
* It may be already set to 1 by ssl_parse_session_ticket_ext().
@@ -2653,6 +2654,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
ssl->handshake->resume = 1;
}
+#endif /* MBEDTLS_SSL_SESSION_CACHE */
if( ssl->handshake->resume == 0 )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fff20ff..10232bb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7273,7 +7273,9 @@
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
{
+#if defined(MBEDTLS_SSL_SESSION_CACHE)
int resume = ssl->handshake->resume;
+#endif /* MBEDTLS_SSL_SESSION_CACHE */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
@@ -7302,6 +7304,7 @@
ssl->session = ssl->session_negotiate;
ssl->session_negotiate = NULL;
+#if defined(MBEDTLS_SSL_SESSION_CACHE)
/*
* Add cache entry
*/
@@ -7312,6 +7315,7 @@
if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
}
+#endif /* MBEDTLS_SSL_SESSION_CACHE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
@@ -8152,7 +8156,7 @@
ssl_set_timer( ssl, 0 );
}
-#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
@@ -8162,9 +8166,9 @@
conf->f_get_cache = f_get_cache;
conf->f_set_cache = f_set_cache;
}
-#endif /* MBEDTLS_SSL_SRV_C */
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
{
int ret;
@@ -8185,7 +8189,7 @@
return( 0 );
}
-#endif /* MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites )
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index dd21fbf..799da9a 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -236,11 +236,11 @@
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
-#if defined(MBEDTLS_SSL_CACHE_C)
+#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
-#endif
+#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index d45a663..30b9d79 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -1410,6 +1410,14 @@
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_SESSION_CACHE)
+ if( strcmp( "MBEDTLS_SSL_SESSION_CACHE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_CACHE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_SESSION_CACHE */
+
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 )
{
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 9828576..a3f5d60 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2545,12 +2545,14 @@
}
}
+#if defined(MBEDTLS_SSL_SESSION_CACHE)
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
-ret );
goto exit;
}
+#endif /* MBEDTLS_SSL_SESSION_CACHE */
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 9791856..005d3e8 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -224,11 +224,11 @@
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
-#if defined(MBEDTLS_SSL_CACHE_C)
+#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
-#endif
+#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 5d751b6..4049a27 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2527,9 +2527,11 @@
if( opt.cache_timeout != -1 )
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
+#if defined(MBEDTLS_SSL_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
+#endif /* MBEDTLS_SSL_SESSION_CACHE */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)