From: Matt Caswell Date: Sun, 8 Feb 2015 15:43:16 +0000 (+0000) Subject: Provide the API functions SSL_SESSION_has_ticket and X-Git-Tag: OpenSSL_1_1_0-pre1~1655 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f2baac27d5f95326fa441e1cb08925b46f88b21c;p=oweals%2Fopenssl.git Provide the API functions SSL_SESSION_has_ticket and SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as required to fix Qt for OpenSSL 1.1.0. I have also added the former in order to determine whether a ticket is present or not - otherwise it is difficult to know whether a zero lifetime hint is because the server set it to 0, or because there is no ticket. Reviewed-by: Tim Hudson --- diff --git a/doc/ssl/SSL_SESSION_has_ticket.pod b/doc/ssl/SSL_SESSION_has_ticket.pod new file mode 100644 index 0000000000..bf249a4ab9 --- /dev/null +++ b/doc/ssl/SSL_SESSION_has_ticket.pod @@ -0,0 +1,34 @@ +=pod + +=head1 NAME + +SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint - check whether a session has an associated ticket, and get its lifetime hint. + +=head1 SYNOPSIS + + #include + + int SSL_SESSION_has_ticket(const SSL_SESSION *s); + unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); + +=head1 DESCRIPTION + +SSL_SESSION_has_ticket() returns 1 if there is a Session Ticket associated with +this session, and 0 otherwise. + +SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds +associated with the session ticket. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 HISTORY + +SSL_SESSION_has_ticket and SSL_SESSION_get_ticket_lifetime_hint were added in +OpenSSL 1.1.0. + +=cut diff --git a/ssl/ssl.h b/ssl/ssl.h index 564b75ec88..6d9ac0301d 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1460,6 +1460,8 @@ long SSL_SESSION_get_time(const SSL_SESSION *s); long SSL_SESSION_set_time(SSL_SESSION *s, long t); long SSL_SESSION_get_timeout(const SSL_SESSION *s); long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +int SSL_SESSION_has_ticket(const SSL_SESSION *s); +unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); void SSL_copy_session_id(SSL *to, const SSL *from); X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 0eda59e1e7..0f07ed58a1 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -848,6 +848,16 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t) return (t); } +int SSL_SESSION_has_ticket(const SSL_SESSION *s) +{ + return (s->tlsext_ticklen > 0) ? 1 : 0; +} + +unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) +{ + return s->tlsext_tick_lifetime_hint; +} + X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) { return s->peer;