projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Reorganise header files
[openssl.git] / ssl / ssl_sess.c
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 1061b833c4bfc8a127f7b355c2d2dc0cc8d5c1ad..9273eb6c48b64ebed739a8cff12162f87d8db466 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -257,7 +257,7 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
 {
     unsigned int retry = 0;
     do
-        if (RAND_pseudo_bytes(id, *id_len) <= 0)
+        if (RAND_bytes(id, *id_len) <= 0)
             return 0;
     while (SSL_has_matching_session_id(ssl, id, *id_len) &&
            (++retry < MAX_SESS_ID_ATTEMPTS)) ;
@@ -325,21 +325,21 @@ int ssl_get_new_session(SSL *s, int session)
             return (0);
         }
 #ifndef OPENSSL_NO_TLSEXT
-               /*-
-                * If RFC5077 ticket, use empty session ID (as server).
-                * Note that:
-                * (a) ssl_get_prev_session() does lookahead into the
-                *     ClientHello extensions to find the session ticket.
-                *     When ssl_get_prev_session() fails, s3_srvr.c calls
-                *     ssl_get_new_session() in ssl3_get_client_hello().
-                *     At that point, it has not yet parsed the extensions,
-                *     however, because of the lookahead, it already knows
-                *     whether a ticket is expected or not.
-                *
-                * (b) s3_clnt.c calls ssl_get_new_session() before parsing
-                *     ServerHello extensions, and before recording the session
-                *     ID received from the server, so this block is a noop.
-                */
+        /*-
+         * If RFC5077 ticket, use empty session ID (as server).
+         * Note that:
+         * (a) ssl_get_prev_session() does lookahead into the
+         *     ClientHello extensions to find the session ticket.
+         *     When ssl_get_prev_session() fails, s3_srvr.c calls
+         *     ssl_get_new_session() in ssl3_get_client_hello().
+         *     At that point, it has not yet parsed the extensions,
+         *     however, because of the lookahead, it already knows
+         *     whether a ticket is expected or not.
+         *
+         * (b) s3_clnt.c calls ssl_get_new_session() before parsing
+         *     ServerHello extensions, and before recording the session
+         *     ID received from the server, so this block is a noop.
+         */
         if (s->tlsext_ticket_expected) {
             ss->session_id_length = 0;
             goto sess_id_done;
@@ -510,12 +510,14 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
              */
             if (!
                 (s->session_ctx->session_cache_mode &
-                 SSL_SESS_CACHE_NO_INTERNAL_STORE))
+                 SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
                 /*
                  * The following should not return 1, otherwise, things are
                  * very strange
                  */
-                SSL_CTX_add_session(s->session_ctx, ret);
+                if(SSL_CTX_add_session(s->session_ctx, ret))
+                    goto err;
+            }
         }
     }
 
@@ -848,6 +850,24 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
     return (t);
 }
 
+int SSL_SESSION_has_ticket(const SSL_SESSION *s)
+{
+    return (s->tlsext_ticklen > 0) ? 1 : 0;
+}
+
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
+{
+    return s->tlsext_tick_lifetime_hint;
+}
+
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
+                            size_t *len)
+{
+    *len = s->tlsext_ticklen;
+    if(tick != NULL)
+        *tick = s->tlsext_tick;
+}
+
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
 {
     return s->peer;
Unnamed repository; edit this file 'description' to name the repository.