commit d59675d92c74d99a36d6f35d34b9f2e1bd189931
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue May 19 15:28:00 2015 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed May 20 11:14:57 2015 +0200
tree fbd8e4a53e88b5c7e690d8280520e21cbfc71299
parent 2ff873c0fade1a3ef083ea89e742745a77f68c28

Move to callback for session tickets

programs/ssl/ssl_server2.c

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index f0ef851..5f66d51 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -69,6 +69,10 @@
 #include "mbedtls/ssl_cache.h"
 #endif
 
+#if defined(MBEDTLS_SSL_TICKET_C)
+#include "mbedtls/ssl_ticket.h"
+#endif
+
 #if defined(MBEDTLS_SSL_COOKIE_C)
 #include "mbedtls/ssl_cookie.h"
 #endif
@@ -114,7 +118,7 @@
 #define DFL_MFL_CODE            MBEDTLS_SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          -1
 #define DFL_TICKETS             MBEDTLS_SSL_SESSION_TICKETS_ENABLED
-#define DFL_TICKET_TIMEOUT      -1
+#define DFL_TICKET_TIMEOUT      86400
 #define DFL_CACHE_MAX           -1
 #define DFL_CACHE_TIMEOUT       -1
 #define DFL_SNI                 NULL
@@ -190,7 +194,7 @@
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 #define USAGE_TICKETS                                       \
     "    tickets=%%d          default: 1 (enabled)\n"       \
-    "    ticket_timeout=%%d   default: ticket default (1d)\n"
+    "    ticket_timeout=%%d   default: 86400 (one day)\n"
 #else
 #define USAGE_TICKETS ""
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
@@ -740,6 +744,9 @@
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_context cache;
 #endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    mbedtls_ssl_ticket_context ticket_ctx;
+#endif
 #if defined(SNI_OPTION)
     sni_entry *sni_info = NULL;
 #endif
@@ -778,6 +785,9 @@
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_init( &cache );
 #endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    mbedtls_ssl_ticket_init( &ticket_ctx );
+#endif
 #if defined(MBEDTLS_SSL_ALPN)
     memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
 #endif
@@ -1584,14 +1594,21 @@
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ( ret = mbedtls_ssl_conf_session_tickets( &conf, opt.tickets ) ) != 0 )
+    if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
     {
-        mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_session_tickets returned %d\n\n", ret );
-        goto exit;
-    }
+        if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
+                        mbedtls_ctr_drbg_random, &ctr_drbg,
+                        opt.ticket_timeout ) ) != 0 )
+        {
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
+            goto exit;
+        }
 
-    if( opt.ticket_timeout != -1 )
-        mbedtls_ssl_conf_session_ticket_lifetime( &conf, opt.ticket_timeout );
+        mbedtls_ssl_conf_session_tickets_cb( &conf,
+                mbedtls_ssl_ticket_write,
+                mbedtls_ssl_ticket_parse,
+                &ticket_ctx );
+    }
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -2203,6 +2220,9 @@
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_free( &cache );
 #endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    mbedtls_ssl_ticket_free( &ticket_ctx );
+#endif
 #if defined(MBEDTLS_SSL_COOKIE_C)
     mbedtls_ssl_cookie_free( &cookie_ctx );
 #endif