Commit 57d9e301 authored by Martin Nilsson's avatar Martin Nilsson

OO a bit more.

parent 6d16f254
...@@ -684,33 +684,8 @@ int(-1..1) handle_handshake(int type, string(8bit) data, string(8bit) raw) ...@@ -684,33 +684,8 @@ int(-1..1) handle_handshake(int type, string(8bit) data, string(8bit) raw)
werror("SSL.ServerConnection: Looking up session %O\n", id); werror("SSL.ServerConnection: Looking up session %O\n", id);
#endif #endif
Session old_session = sizeof(id) && context->lookup_session(id); Session old_session = sizeof(id) && context->lookup_session(id);
if (old_session && if (old_session && old_session->reusable_as(session))
old_session->cipher_suite == session->cipher_suite && {
old_session->version == session->version &&
old_session->certificate_chain == session->certificate_chain &&
old_session->compression_algorithm ==
session->compression_algorithm &&
old_session->max_packet_size == session->max_packet_size &&
old_session->truncated_hmac == session->truncated_hmac &&
old_session->server_name == session->server_name &&
old_session->ecc_point_format == session->ecc_point_format &&
old_session->encrypt_then_mac == session->encrypt_then_mac &&
equal(old_session->signature_algorithms,
session->signature_algorithms) &&
equal(old_session->ecc_curves, session->ecc_curves)) {
// SSL3 5.6.1.2:
// If the session_id field is not empty (implying a session
// resumption request) this vector [cipher_suites] must
// include at least the cipher_suite from that session.
// ...
// If the session_id field is not empty (implying a session
// resumption request) this vector [compression_methods]
// must include at least the compression_method from
// that session.
// We use a *much* stricter test, and only reuse the old session
// if it has the same parameters as the new session.
SSL3_DEBUG_MSG("SSL.ServerConnection: Reusing session %O\n", id); SSL3_DEBUG_MSG("SSL.ServerConnection: Reusing session %O\n", id);
/* Reuse session */ /* Reuse session */
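Review bot: The call `old_session->reusable_as(session)` now carries the whole resumption decision for a client-supplied session id, and the comment explaining that the test is deliberately stricter than SSL3 5.6.1.2 has moved into reusable_as() with it. A one-line pointer at the call site would keep that visible to anyone auditing the handshake path, for example `// Resume only if every negotiated parameter matches; see reusable_as().` handle_handshake starts before and continues after this hunk, so the rest of the resumption branch is not visible here.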
......
...@@ -659,3 +659,32 @@ array(State) new_client_states(.Connection con, ...@@ -659,3 +659,32 @@ array(State) new_client_states(.Connection con,
} }
return ({ read_state, write_state }); return ({ read_state, write_state });
} }
//! Returns true if this session object can be used in place of the
//! session object @[other].
int(0..1) reusable_as(Session other)
{
// SSL3 5.6.1.2:
// If the session_id field is not empty (implying a session
// resumption request) this vector [cipher_suites] must
// include at least the cipher_suite from that session.
// ...
// If the session_id field is not empty (implying a session
// resumption request) this vector [compression_methods]
// must include at least the compression_method from
// that session.
// We use a *much* stricter test, and only reuse the old session
// if it has the same parameters as the new session.
return cipher_suite == other->cipher_suite &&
version == other->version &&
certificate_chain == other->certificate_chain &&
compression_algorithm == other->compression_algorithm &&
max_packet_size == other->max_packet_size &&
truncated_hmac == other->truncated_hmac &&
server_name == other->server_name &&
ecc_point_format == other->ecc_point_format &&
encrypt_then_mac == other->encrypt_then_mac &&
equal(signature_algorithms, other->signature_algorithms) &&
equal(ecc_curves, other->ecc_curves);
}
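Review bot: In reusable_as(), `certificate_chain == other->certificate_chain` uses `==`, while signature_algorithms and ecc_curves a few lines below are compared with `equal()`. The declaration of certificate_chain is not in this hunk, but if it is an array, Pike's `==` tests identity rather than contents, so the check passes only when both sessions hold the very same array object. That fails closed (a full handshake instead of a resumption), so it is not a bypass, but the intent should be explicit: either `equal(certificate_chain, other->certificate_chain) &&` or a comment such as `// Identity comparison is intentional here.` Because this method is now the single gate for session reuse, the doc comment should also state that any newly negotiated session parameter must be added to the comparison.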