From b7c9187b32a14b5b4a850161aed5c044d2130d5a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Sun, 8 Feb 2015 23:37:54 +0000 Subject: [PATCH 1/1] Add SSL_SESSION_get0_ticket API function. Reviewed-by: Tim Hudson --- doc/ssl/SSL_SESSION_has_ticket.pod | 14 +++++++++++--- ssl/ssl.h | 2 ++ ssl/ssl_sess.c | 8 ++++++++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/doc/ssl/SSL_SESSION_has_ticket.pod b/doc/ssl/SSL_SESSION_has_ticket.pod index bf249a4ab9..d9b2a06196 100644 --- a/doc/ssl/SSL_SESSION_has_ticket.pod +++ b/doc/ssl/SSL_SESSION_has_ticket.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint - check whether a session has an associated ticket, and get its lifetime hint. +SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint, SSL_SESSION_get_ticket - get details about the ticket associated with a session =head1 SYNOPSIS @@ -10,6 +10,8 @@ SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint - check whether a s int SSL_SESSION_has_ticket(const SSL_SESSION *s); unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); + void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick, + size_t *len); =head1 DESCRIPTION @@ -19,6 +21,12 @@ this session, and 0 otherwise. SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds associated with the session ticket. +SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a +session. The length of the ticket is written to B<*len>. If B is non +NULL then a pointer to the ticket is written to B<*tick>. The pointer is only +valid while the connection is in use. The session (and hence the ticket pointer) +may also become invalid as a result of a call to SSL_CTX_flush_sessions(). + =head1 SEE ALSO L, 
@@ -28,7 +36,7 @@ L =head1 HISTORY -SSL_SESSION_has_ticket and SSL_SESSION_get_ticket_lifetime_hint were added in -OpenSSL 1.1.0. +SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and +SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0. =cut diff --git a/ssl/ssl.h b/ssl/ssl.h index 6d9ac0301d..13fb053ffc 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1462,6 +1462,8 @@ long SSL_SESSION_get_timeout(const SSL_SESSION *s); long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); int SSL_SESSION_has_ticket(const SSL_SESSION *s); unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick, + size_t *len); void SSL_copy_session_id(SSL *to, const SSL *from); X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 0f07ed58a1..cf019c8346 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -858,6 +858,14 @@ unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) return s->tlsext_tick_lifetime_hint; } +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick, + size_t *len) +{ + *len = s->tlsext_ticklen; + if(tick != NULL) + *tick = s->tlsext_tick; +} + X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) { return s->peer; -- 2.34.1
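Review bot: In the ssl/ssl.h declaration, `tick` is `unsigned char **` even though the session is taken as `const SSL_SESSION *s`, so the caller gets a writable pointer into the session's own ticket buffer and can modify state the const qualifier says it cannot touch. Declaring it as `void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, size_t *len);` lets the compiler enforce the borrowed, read-only get0 contract. The definition in the ssl/ssl_sess.c hunk has the same signature and needs the same change. Separately, the NAME line in the .pod hunk lists `SSL_SESSION_get_ticket`, which does not match the function name added here.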
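Review bot: In the ssl/ssl_sess.c hunk, `*len = s->tlsext_ticklen;` runs unconditionally while `tick` is NULL-checked two lines later, so a caller that passes a NULL `len` to fetch only the pointer dereferences NULL. Either guard it the same way, `if (len != NULL) *len = s->tlsext_ticklen;`, or document in both the header and the .pod text that `len` is mandatory. When the session holds no ticket, `*tick` is presumably NULL with `*len` set to 0; that is inferred, since the field's initialisation is outside the hunk. A comment above the function such as `/* Borrowed pointer, do not free; *tick may be NULL when *len is 0. */` would tell callers to check the length before reading.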