New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) New function SSL_renegotiate_pending(). This returns true once
+ renegotiation has been requested (either SSL_renegotiate() call
+ or HelloRequest/ClientHello receveived from the peer) and becomes
+ false once a handshake has been completed.
+ (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+ sends a HelloRequest, but does not ensure that a handshake takes
+ place. SSL_renegotiate_pending() is useful for checking if the
+ client has followed the request.)
+ [Bodo Moeller]
+
+ +) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+ By default, clients may request session resumption even during
+ renegotiation (if session ID contexts permit); with this option,
+ session resumption is possible only in the first handshake.
+ [Bodo Moeller]
+
*) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer()
when just sending a HelloRequest as this could interfere with
application data writes (and is totally unnecessary).
/* remove buffering on output */
ssl_free_wbio_buffer(s);
- s->new_session=0;
+ if (s->new_session == 2)
+ s->new_session=0;
+ /* if s->new_session is still 1, we have only sent a HelloRequest */
s->init_num=0;
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
j= *(p++);
s->hit=0;
- if (j == 0)
+ /* Versions before 0.9.7 always allow session reuse during renegotiation
+ * (i.e. when s->new_session is true), option
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
+ * Maybe this optional behaviour should always have been the default,
+ * but we cannot safely change the default behaviour (or new applications
+ * might be written that become totally unsecure when compiled with
+ * an earlier library version)
+ */
+ if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
{
if (!ssl_get_new_session(s,1))
goto err;
}
}
+ if (s->new_session)
+ /* actually not necessarily a 'new' section unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+ s->new_session = 2;
+
p+=j;
n2s(p,i);
if ((i == 0) && (j != 0))
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to also use the tmp_rsa key when doing RSA operations. */
+/* Set to always use the tmp_rsa key when doing RSA operations,
+ * even when this violates protocol specs */
#define SSL_OP_EPHEMERAL_RSA 0x00200000L
/* Set on servers to choose the cipher according to the server's
* preferences */
* (version 3.1) was announced in the client hello. Normally this is
* forbidden to prevent version rollback attacks. */
#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
+/* As server, disallow session resumption on renegotiation */
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L
/* The next flag deliberately changes the ciphertest, this is a check
* for the PKCS#1 attack */
int server; /* are we the server side? - mostly used by SSL_clear*/
- int new_session;/* 1 if we are to use a new session */
+ int new_session;/* 1 if we are to use a new session,
+ * (sometimes 2 after a new session has in fact been assigned).
+ * NB: For servers, the 'new' session may actually be a previously
+ * cached session or even the previous session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
int quiet_shutdown;/* don't send shutdown packets */
int shutdown; /* we have shut things down, 0x01 sent, 0x02
* for received */
int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_pending(SSL *s);
int SSL_shutdown(SSL *s);
SSL_METHOD *SSL_get_ssl_method(SSL *s);
return(s->method->ssl_renegotiate(s));
}
+int SSL_renegotiate_pending(SSL *s)
+ {
+ /* becomes true when negotiation is requested;
+ * false again once a handshake has finished */
+ return (s->new_session != 0);
+ }
+
long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
{
long l;
kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5
kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5
SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION:
+SSL_renegotiate_pending 265 EXIST::FUNCTION:
projects / oweals / openssl.git / commitdiff