Add ssl_get_session() to save session on client

2024-11-23 03:05:43 +01:00 · 2013-07-30 12:41:56 +02:00 · 2013-07-30 12:41:56 +02:00 · 747180391d
commit 747180391d
parent a8342398c8
2 changed files with 45 additions and 5 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -774,13 +774,10 @@ void ssl_set_session_cache( ssl_context *ssl,
 * \brief          Request resumption of session (client-side only)
 *                 Session data is copied from presented session structure.
 *
- *                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
- *                 connection shutdown, so do not cache the pointer! Either set
- *                 it to NULL or make a full copy of the certificate when
- *                 storing the session for use in this function.
- *
 * \param ssl      SSL context
 * \param session  session context
+ *
+ * \sa             ssl_get_session()
 */
 void ssl_set_session( ssl_context *ssl, const ssl_session *session );

@ -1100,6 +1097,24 @@ const char *ssl_get_version( const ssl_context *ssl );
 const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
 #endif /* POLARSSL_X509_PARSE_C */

+/**
+ * \brief          Save session in order to resume it later (client-side only)
+ *                 Session data is copied to presented session structure.
+ *
+ * \warning        Currently, peer certificate is lost in the operation.
+ *
+ * \param ssl      SSL context
+ * \param session  session context
+ *
+ * \return         0 if successful,
+ *                 POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed,
+ *                 POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
+ *                 arguments are otherwise invalid
+ *
+ * \sa             ssl_set_session()
+ */
+int ssl_get_session( const ssl_context *ssl, ssl_session *session );
+
 /**
 * \brief          Perform the SSL handshake
 *
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3222,6 +3222,31 @@ const x509_cert *ssl_get_peer_cert( const ssl_context *ssl )
 }
 #endif /* POLARSSL_X509_PARSE_C */

+int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
+{
+    ssl_session *src;
+
+    if( ssl == NULL ||
+        dst == NULL ||
+        ssl->session == NULL ||
+        ssl->endpoint != SSL_IS_CLIENT )
+    {
+        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    src = ssl->session;
+
+    ssl_session_free( dst );
+    memcpy( dst, src, sizeof( ssl_session ) );
+
+    /*
+     * For now, just set peer_cert to NULL, deep-copy not implemented yet
+     */
+    dst->peer_cert = NULL;
+
+    return( 0 );
+}
+
 /*
 * Perform a single step of the SSL handshake
 */