New function SSL_CTX_set_session_id_context.

Submitted by:
Reviewed by:
PR:

diff --git a/CHANGES b/CHANGES
index 08dc7c372ac13d2248c0b95ad12826d32ed86426..809472c39c12b6c182878043bf5bff046170216a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) New function SSL_CTX_set_session_id_context that allows to set a default
+     value (so that you don't need SSL_set_session_id_context for each connection
+     using the SSL_CTX).
+     [Bodo Moeller]
+
   *) OAEP decoding bug fix.
      [Ulf Möller]
 

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 768a836b2e1cb8f107e71d4288c4643c63b22b23..6a3ad30969526b550f9cbe497c178562e36f9b94 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -394,6 +394,8 @@ struct ssl_ctx_st
 /**/   struct cert_st /* CERT */ *default_cert;
 /**/   int read_ahead;
 /**/   int verify_mode;
+/**/   unsigned int sid_ctx_length;
+/**/   unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 /**/   int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
 
        /* Default password callback. */
@@ -929,6 +931,9 @@ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
 int SSL_CTX_check_private_key(SSL_CTX *ctx);
 int SSL_check_private_key(SSL *ctx);
 
+int    SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+                                      unsigned int sid_ctx_len);
+
 SSL *  SSL_new(SSL_CTX *ctx);
 int    SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
                                   unsigned int sid_ctx_len);
@@ -1153,6 +1158,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_CREATE_CIPHER_LIST                    166
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
 #define SSL_F_SSL_CTX_NEW                               169
+#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT            219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION                   170
 #define SSL_F_SSL_CTX_USE_CERTIFICATE                   171
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1              172

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 64bab61d76fd799947d340a56d95605a638a80cb..3d9a83517b89ddef4c1cd37f4e0d2db4d78c0d7e 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0),   "SSL_CREATE_CIPHER_LIST"},
 {ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0),        "SSL_CTX_check_private_key"},
 {ERR_PACK(0,SSL_F_SSL_CTX_NEW,0),      "SSL_CTX_new"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0),   "SSL_CTX_set_session_id_context"},
 {ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0),  "SSL_CTX_set_ssl_version"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0),  "SSL_CTX_use_certificate"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0),     "SSL_CTX_use_certificate_ASN1"},

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a237dda84ae8c64eb529c009a362ec5e5dfc41a2..831768351c1264482a11a4f073f9bc95c682e9ca 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -186,6 +186,8 @@ SSL *SSL_new(SSL_CTX *ctx)
                }
        else
                s->cert=NULL;
+       s->sid_ctx_length=ctx->sid_ctx_length;
+       memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
        s->verify_mode=ctx->verify_mode;
        s->verify_callback=ctx->default_verify_callback;
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
@@ -216,6 +218,20 @@ err:
        return(NULL);
        }
 
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+                                  unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+       {
+       SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+       return 0;
+       }
+    ctx->sid_ctx_length=sid_ctx_len;
+    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
 int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
                               unsigned int sid_ctx_len)
     {