* Most session-ids that will be cached, default is
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
*/
- size_t session_cache_size;
+ size_t session_cache_size;
struct ssl_session_st *session_cache_head;
struct ssl_session_st *session_cache_tail;
/*
typedef struct dtls1_state_st {
unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
+ size_t cookie_len;
unsigned int cookie_verified;
/* handshake message numbers */
unsigned short handshake_write_seq;
__owur int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
- unsigned char cookie_len);
+ size_t cookie_len);
__owur int dtls1_send_newsession_ticket(SSL *s);
__owur size_t dtls1_min_mtu(SSL *s);
void dtls1_hm_fragment_free(hm_fragment *frag);
MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
{
int al;
- unsigned int cookie_len;
+ size_t cookie_len;
PACKET cookiepkt;
if (!PACKET_forward(pkt, 2)
#endif
int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
- unsigned char cookie_len)
+ size_t cookie_len)
{
/* Always use DTLS 1.0 version: see RFC 6347 */
if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION)
int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
{
+ unsigned int cookie_leni;
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0 ||
- s->d1->cookie_len > 255) {
+ &cookie_leni) == 0 ||
+ cookie_leni > 255) {
SSLerr(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
return 0;
}
+ s->d1->cookie_len = cookie_leni;
if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
s->d1->cookie_len)) {