unsigned int sid_ctx_len);
__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
unsigned int sid_len);
+__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s);
__owur SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
/*
- * TODO(TLS1.3): SSL_get_session() and SSL_get1_session() are problematic in
- * TLS1.3 because, unlike in earlier protocol versions, the session ticket
- * may not have been sent yet even though a handshake has finished. The session
- * ticket data could come in sometime later...or even change if multiple session
- * ticket messages are sent from the server. We need to work out how to deal
- * with this.
+ * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
+ * unlike in earlier protocol versions, the session ticket may not have been
+ * sent yet even though a handshake has finished. The session ticket data could
+ * come in sometime later...or even change if multiple session ticket messages
+ * are sent from the server. The preferred way for applications to obtain
+ * a resumable session is to use SSL_CTX_sess_set_new_cb().
*/
SSL_SESSION *SSL_get_session(const SSL *ssl)
return 1;
}
+int SSL_SESSION_is_resumable(const SSL_SESSION *s)
+{
+ /*
+ * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
+ * session ID.
+ */
+ return !s->not_resumable
+ && (s->session_id_length > 0 || s->ext.ticklen > 0);
+}
+
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
{
long l;
return 0;
}
- if ((sess == NULL) || !ssl_version_supported(s, sess->ssl_version) ||
- /*
- * In the case of EAP-FAST, we can have a pre-shared
- * "ticket" without a session ID.
- */
- (!sess->session_id_length && !sess->ext.tick) ||
- (sess->not_resumable)) {
+ if (sess == NULL
+ || !ssl_version_supported(s, sess->ssl_version)
+ || !SSL_SESSION_is_resumable(sess)) {
if (!ssl_get_new_session(s, 0))
return 0;
}
SSL_CTX_add1_CA_list 441 1_1_1 EXIST::FUNCTION:
SSL_CTX_get0_CA_list 442 1_1_1 EXIST::FUNCTION:
SSL_CTX_add_custom_ext 443 1_1_1 EXIST::FUNCTION:
+SSL_SESSION_is_resumable 444 1_1_1 EXIST::FUNCTION: