Add SSL_SESSION_get0_ticket API function.

author Matt Caswell <matt@openssl.org>

Sun, 8 Feb 2015 23:37:54 +0000 (23:37 +0000)

committer Matt Caswell <matt@openssl.org>

Tue, 10 Feb 2015 22:54:27 +0000 (22:54 +0000)
author Matt Caswell <matt@openssl.org>
Sun, 8 Feb 2015 23:37:54 +0000 (23:37 +0000)
committer Matt Caswell <matt@openssl.org>
Tue, 10 Feb 2015 22:54:27 +0000 (22:54 +0000)
diff --git a/doc/ssl/SSL_SESSION_has_ticket.pod b/doc/ssl/SSL_SESSION_has_ticket.pod

index bf249a4ab94dba01518116827dc62c15787d99d9..d9b2a0619639b01069f99572136e12141d1b86f2 100644 (file)
--- a/doc/ssl/SSL_SESSION_has_ticket.pod
+++ b/doc/ssl/SSL_SESSION_has_ticket.pod
@@ -2,7 +2,7 @@
  
  =head1 NAME
  
  
  =head1 NAME
  
-SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint - check whether a session has an associated ticket, and get its lifetime hint.
+SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint, SSL_SESSION_get_ticket - get details about the ticket associated with a session
  
  =head1 SYNOPSIS
  
  
  =head1 SYNOPSIS
  
@@ -10,6 +10,8 @@ SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint - check whether a s
  
   int SSL_SESSION_has_ticket(const SSL_SESSION *s);
   unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
  
   int SSL_SESSION_has_ticket(const SSL_SESSION *s);
   unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+ void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
+                            size_t *len);
  
  =head1 DESCRIPTION
  
  
  =head1 DESCRIPTION
  
@@ -19,6 +21,12 @@ this session, and 0 otherwise.
  SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds
  associated with the session ticket.
  
  SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds
  associated with the session ticket.
  
+SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a
+session. The length of the ticket is written to B<*len>. If B<tick> is non
+NULL then a pointer to the ticket is written to B<*tick>. The pointer is only
+valid while the connection is in use. The session (and hence the ticket pointer)
+may also become invalid as a result of a call to SSL_CTX_flush_sessions().
+
  =head1 SEE ALSO
  
  L<ssl(3)|ssl(3)>,
  =head1 SEE ALSO
  
  L<ssl(3)|ssl(3)>,
@@ -28,7 +36,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
  
  =head1 HISTORY
  
  
  =head1 HISTORY
  
-SSL_SESSION_has_ticket and SSL_SESSION_get_ticket_lifetime_hint were added in
-OpenSSL 1.1.0.
+SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and
+SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0.
  
  =cut
  
  =cut
diff --git a/ssl/ssl.h b/ssl/ssl.h

index 6d9ac0301df76df078a9dcbcae969a1ad286c212..13fb053ffc21e53bd0a0ca9826435cbc67cfa961 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1462,6 +1462,8 @@ long SSL_SESSION_get_timeout(const SSL_SESSION *s);
  long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
  int SSL_SESSION_has_ticket(const SSL_SESSION *s);
  unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
  long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
  int SSL_SESSION_has_ticket(const SSL_SESSION *s);
  unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
+                            size_t *len);
  void SSL_copy_session_id(SSL *to, const SSL *from);
  X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
  int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
  void SSL_copy_session_id(SSL *to, const SSL *from);
  X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
  int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c

index 0f07ed58a182b7fc40c111a27d130c10be89cc1d..cf019c8346d1ccc6b348053271ee8d9465c1ab2d 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -858,6 +858,14 @@ unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
      return s->tlsext_tick_lifetime_hint;
  }
  
      return s->tlsext_tick_lifetime_hint;
  }
  
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
+                            size_t *len)
+{
+    *len = s->tlsext_ticklen;
+    if(tick != NULL)
+        *tick = s->tlsext_tick;
+}
+
  X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
  {
      return s->peer;
  X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
  {
      return s->peer;
author	Matt Caswell <matt@openssl.org>
	Sun, 8 Feb 2015 23:37:54 +0000 (23:37 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 10 Feb 2015 22:54:27 +0000 (22:54 +0000)
doc/ssl/SSL_SESSION_has_ticket.pod		patch \| blob \| history
ssl/ssl.h		patch \| blob \| history
ssl/ssl_sess.c		patch \| blob \| history