wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/test/handshake_helper.h
Todd Short a84e5c9aa8 Session resume broken switching contexts 
When an SSL's context is swtiched from a ticket-enabled context to
a ticket-disabled context in the servername callback, no session-id
is generated, so the session can't be resumed.

If a servername callback changes the SSL_OP_NO_TICKET option, check
to see if it's changed to disable, and whether a session ticket is
expected (i.e. the client indicated ticket support and the SSL had
tickets enabled at the time), and whether we already have a previous
session (i.e. s->hit is set).

In this case, clear the ticket-expected flag, remove any ticket data
and generate a session-id in the session.

If the SSL hit (resumed) and switched to a ticket-disabled context,
assume that the resumption was via session-id, and don't bother to
update the session.

Before this fix, the updated unit-tests in 06-sni-ticket.conf would
fail test #4 (server1 = SNI, server2 = no SNI).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1529)
2017-10-04 10:21:08 +10:00

78 lines
2.7 KiB
C
Raw Blame History

/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_HANDSHAKE_HELPER_H
#define HEADER_HANDSHAKE_HELPER_H
#include "ssl_test_ctx.h"
typedef struct handshake_result {
ssl_test_result_t result;
/* These alerts are in the 2-byte format returned by the info_callback. */
/* (Latest) alert sent by the client; 0 if no alert. */
int client_alert_sent;
/* Number of fatal or close_notify alerts sent. */
int client_num_fatal_alerts_sent;
/* (Latest) alert received by the server; 0 if no alert. */
int client_alert_received;
/* (Latest) alert sent by the server; 0 if no alert. */
int server_alert_sent;
/* Number of fatal or close_notify alerts sent. */
int server_num_fatal_alerts_sent;
/* (Latest) alert received by the client; 0 if no alert. */
int server_alert_received;
/* Negotiated protocol. On success, these should always match. */
int server_protocol;
int client_protocol;
/* Server connection */
ssl_servername_t servername;
/* Session ticket status */
ssl_session_ticket_t session_ticket;
int compression;
/* Was this called on the second context? */
int session_ticket_do_not_call;
char *client_npn_negotiated;
char *server_npn_negotiated;
char *client_alpn_negotiated;
char *server_alpn_negotiated;
/* Was the handshake resumed? */
int client_resumed;
int server_resumed;
/* Temporary key type */
int tmp_key_type;
/* server certificate key type */
int server_cert_type;
/* server signing hash */
int server_sign_hash;
/* server signature type */
int server_sign_type;
/* server CA names */
STACK_OF(X509_NAME) *server_ca_names;
/* client certificate key type */
int client_cert_type;
/* client signing hash */
int client_sign_hash;
/* client signature type */
int client_sign_type;
/* Client CA names */
STACK_OF(X509_NAME) *client_ca_names;
/* Session id status */
ssl_session_id_t session_id;
} HANDSHAKE_RESULT;
HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result);
/* Do a handshake and report some information about the result. */
HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
SSL_CTX *resume_client_ctx,
const SSL_TEST_CTX *test_ctx);
#endif /* HEADER_HANDSHAKE_HELPER_H */
Reference in a new issue View git blame Copy permalink