From 57d9e301818f5f3154a335cb63c575953057876c Mon Sep 17 00:00:00 2001
From: Martin Nilsson <nilsson@opera.com>
Date: Tue, 12 Aug 2014 21:33:38 +0200
Subject: [PATCH] OO a bit more.
---
 lib/modules/SSL.pmod/ServerConnection.pike | 29 ++-------------------
 lib/modules/SSL.pmod/Session.pike | 29 ++++++++++++++++++++++
 2 files changed, 31 insertions(+), 27 deletions(-)
diff --git a/lib/modules/SSL.pmod/ServerConnection.pike b/lib/modules/SSL.pmod/ServerConnection.pike
index ab29e3612a..acb286faf8 100644
--- a/lib/modules/SSL.pmod/ServerConnection.pike
+++ b/lib/modules/SSL.pmod/ServerConnection.pike
@@ -684,33 +684,8 @@ int(-1..1) handle_handshake(int type, string(8bit) data, string(8bit) raw)
 werror("SSL.ServerConnection: Looking up session %O\n", id);
 #endif
 Session old_session = sizeof(id) && context->lookup_session(id);
- if (old_session &&
- old_session->cipher_suite == session->cipher_suite &&
- old_session->version == session->version &&
- old_session->certificate_chain == session->certificate_chain &&
- old_session->compression_algorithm ==
- session->compression_algorithm &&
- old_session->max_packet_size == session->max_packet_size &&
- old_session->truncated_hmac == session->truncated_hmac &&
- old_session->server_name == session->server_name &&
- old_session->ecc_point_format == session->ecc_point_format &&
- old_session->encrypt_then_mac == session->encrypt_then_mac &&
- equal(old_session->signature_algorithms,
- session->signature_algorithms) &&
- equal(old_session->ecc_curves, session->ecc_curves)) {
- // SSL3 5.6.1.2:
- // If the session_id field is not empty (implying a session
- // resumption request) this vector [cipher_suites] must
- // include at least the cipher_suite from that session.
- // ...
- // If the session_id field is not empty (implying a session
- // resumption request) this vector [compression_methods]
- // must include at least the compression_method from
- // that session.
-
- // We use a *much* stricter test, and only reuse the old session
- // if it has the same parameters as the new session.
-
+ if (old_session && old_session->reusable_as(session))
+ {
 SSL3_DEBUG_MSG("SSL.ServerConnection: Reusing session %O\n", id);
 /* Reuse session */
diff --git a/lib/modules/SSL.pmod/Session.pike b/lib/modules/SSL.pmod/Session.pike
index 09f21798e2..e9a60e0f6b 100644
--- a/lib/modules/SSL.pmod/Session.pike
+++ b/lib/modules/SSL.pmod/Session.pike
@@ -659,3 +659,32 @@ array(State) new_client_states(.Connection con,
 }
 return ({ read_state, write_state });
 }
+
+//! Returns true if this session object can be used in place of the
+//! session object @[other].
+int(0..1) reusable_as(Session other)
+{
+ // SSL3 5.6.1.2:
+ // If the session_id field is not empty (implying a session
+ // resumption request) this vector [cipher_suites] must
+ // include at least the cipher_suite from that session.
+ // ...
+ // If the session_id field is not empty (implying a session
+ // resumption request) this vector [compression_methods]
+ // must include at least the compression_method from
+ // that session.
+
+ // We use a *much* stricter test, and only reuse the old session
+ // if it has the same parameters as the new session.
+ return cipher_suite == other->cipher_suite &&
+ version == other->version &&
+ certificate_chain == other->certificate_chain &&
+ compression_algorithm == other->compression_algorithm &&
+ max_packet_size == other->max_packet_size &&
+ truncated_hmac == other->truncated_hmac &&
+ server_name == other->server_name &&
+ ecc_point_format == other->ecc_point_format &&
+ encrypt_then_mac == other->encrypt_then_mac &&
+ equal(signature_algorithms, other->signature_algorithms) &&
+ equal(ecc_curves, other->ecc_curves);
+}
-- GitLab
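Review bot: The doc comment on `reusable_as` does not say that the resumption decision rests on a hand-maintained list of fields, so a negotiated parameter added to `Session` later and not added to this `return` expression would simply not be checked when an old session is reused. Now that the test is a public method of `Session`, I would extend the comment with something like `//! Every negotiated parameter stored in the session must be compared here; a field that is left out is not checked on resumption.` Separately, `certificate_chain == other->certificate_chain` uses `==` while the two fields at the end use `equal()`; if `certificate_chain` is an array, `==` in Pike is an identity test rather than a structural one, so either a short why-comment (the same chain object from the context is expected) or `equal()` would make the intent clear. The comparison was moved verbatim from `handle_handshake`, so this is a carried-over question rather than something the commit introduced.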