OLD | NEW |
(Empty) | |
| 1 --- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-30 00:03:46.000000000 +0000 |
| 2 +++ openssl-1.0.0b/ssl/ssl.h 2010-11-30 00:03:47.000000000 +0000 |
| 3 @@ -1133,6 +1133,9 @@ struct ssl_st |
| 4 /* This can also be in the session once a session is established */ |
| 5 SSL_SESSION *session; |
| 6 |
| 7 + /* This can be disabled to prevent the use of uncached sessions */ |
| 8 + int session_creation_enabled; |
| 9 + |
| 10 /* Default generate session ID callback. */ |
| 11 GEN_SESSION_CB generate_session_id; |
| 12 |
| 13 @@ -1546,6 +1549,7 @@ const SSL_CIPHER *SSL_get_current_cipher |
| 14 int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); |
| 15 char * SSL_CIPHER_get_version(const SSL_CIPHER *c); |
| 16 const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); |
| 17 +const char * SSL_CIPHER_authentication_method(const SSL_CIPHER *c); |
| 18 |
| 19 int SSL_get_fd(const SSL *s); |
| 20 int SSL_get_rfd(const SSL *s); |
| 21 @@ -1554,6 +1558,7 @@ const char * SSL_get_cipher_list(const |
| 22 char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); |
| 23 int SSL_get_read_ahead(const SSL * s); |
| 24 int SSL_pending(const SSL *s); |
| 25 +const char * SSL_authentication_method(const SSL *c); |
| 26 #ifndef OPENSSL_NO_SOCK |
| 27 int SSL_set_fd(SSL *s, int fd); |
| 28 int SSL_set_rfd(SSL *s, int fd); |
| 29 @@ -1565,6 +1570,7 @@ BIO * SSL_get_rbio(const SSL *s); |
| 30 BIO * SSL_get_wbio(const SSL *s); |
| 31 #endif |
| 32 int SSL_set_cipher_list(SSL *s, const char *str); |
| 33 +int SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk); |
| 34 void SSL_set_read_ahead(SSL *s, int yes); |
| 35 int SSL_get_verify_mode(const SSL *s); |
| 36 int SSL_get_verify_depth(const SSL *s); |
| 37 @@ -1580,6 +1586,8 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKE |
| 38 int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long le
n); |
| 39 int SSL_use_certificate(SSL *ssl, X509 *x); |
| 40 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); |
| 41 +int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain); |
| 42 +STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x); |
| 43 |
| 44 #ifndef OPENSSL_NO_STDIO |
| 45 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); |
| 46 @@ -1615,6 +1623,7 @@ void SSL_copy_session_id(SSL *to,const S |
| 47 SSL_SESSION *SSL_SESSION_new(void); |
| 48 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, |
| 49 unsigned int *len); |
| 50 +const char * SSL_SESSION_get_version(const SSL_SESSION *s); |
| 51 #ifndef OPENSSL_NO_FP_API |
| 52 int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); |
| 53 #endif |
| 54 @@ -1624,6 +1633,7 @@ int SSL_SESSION_print(BIO *fp,const SSL_ |
| 55 void SSL_SESSION_free(SSL_SESSION *ses); |
| 56 int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); |
| 57 int SSL_set_session(SSL *to, SSL_SESSION *session); |
| 58 +void SSL_set_session_creation_enabled(SSL *, int); |
| 59 int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); |
| 60 int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); |
| 61 int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); |
| 62 @@ -2066,6 +2076,7 @@ void ERR_load_SSL_strings(void); |
| 63 #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 |
| 64 #define SSL_F_SSL_USE_CERTIFICATE 198 |
| 65 #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 |
| 66 +#define SSL_F_SSL_USE_CERTIFICATE_CHAIN 2000 |
| 67 #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 |
| 68 #define SSL_F_SSL_USE_PRIVATEKEY 201 |
| 69 #define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 |
| 70 @@ -2272,6 +2283,7 @@ void ERR_load_SSL_strings(void); |
| 71 #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 |
| 72 #define SSL_R_SERVERHELLO_TLSEXT 275 |
| 73 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 |
| 74 +#define SSL_R_SESSION_MAY_NOT_BE_CREATED 2000 |
| 75 #define SSL_R_SHORT_READ 219 |
| 76 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 |
| 77 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 |
| 78 --- openssl-1.0.0b.orig/ssl/d1_clnt.c 2010-01-26 19:46:29.000000000 +0000 |
| 79 +++ openssl-1.0.0b/ssl/d1_clnt.c 2010-11-30 00:03:47.000000000 +0000 |
| 80 @@ -613,6 +613,12 @@ int dtls1_client_hello(SSL *s) |
| 81 #endif |
| 82 (s->session->not_resumable)) |
| 83 { |
| 84 + if (!s->session_creation_enabled) |
| 85 + { |
| 86 + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); |
| 87 + SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_SESSION_MA
Y_NOT_BE_CREATED); |
| 88 + goto err; |
| 89 + } |
| 90 if (!ssl_get_new_session(s,0)) |
| 91 goto err; |
| 92 } |
| 93 --- openssl-1.0.0b.orig/ssl/s23_clnt.c 2010-02-16 14:20:40.000000000 +0000 |
| 94 +++ openssl-1.0.0b/ssl/s23_clnt.c 2010-11-30 00:03:47.000000000 +0000 |
| 95 @@ -687,6 +687,13 @@ static int ssl23_get_server_hello(SSL *s |
| 96 |
| 97 /* Since, if we are sending a ssl23 client hello, we are not |
| 98 * reusing a session-id */ |
| 99 + if (!s->session_creation_enabled) |
| 100 + { |
| 101 + if (!(s->client_version == SSL2_VERSION)) |
| 102 + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE
); |
| 103 + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CRE
ATED); |
| 104 + goto err; |
| 105 + } |
| 106 if (!ssl_get_new_session(s,0)) |
| 107 goto err; |
| 108 |
| 109 --- openssl-1.0.0b.orig/ssl/s3_both.c 2010-11-30 00:03:46.000000000 +0000 |
| 110 +++ openssl-1.0.0b/ssl/s3_both.c 2010-11-30 00:03:47.000000000 +0000 |
| 111 @@ -347,8 +347,11 @@ unsigned long ssl3_output_cert_chain(SSL |
| 112 unsigned long l=7; |
| 113 BUF_MEM *buf; |
| 114 int no_chain; |
| 115 + STACK_OF(X509) *cert_chain; |
| 116 |
| 117 - if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) |
| 118 + cert_chain = SSL_get_certificate_chain(s, x); |
| 119 + |
| 120 + if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs || cert_ch
ain) |
| 121 no_chain = 1; |
| 122 else |
| 123 no_chain = 0; |
| 124 @@ -400,6 +403,10 @@ unsigned long ssl3_output_cert_chain(SSL |
| 125 return(0); |
| 126 } |
| 127 |
| 128 + for (i=0; i<sk_X509_num(cert_chain); i++) |
| 129 + if (ssl3_add_cert_to_buf(buf, &l, sk_X509_value(cert_chain,i))) |
| 130 + return(0); |
| 131 + |
| 132 l-=7; |
| 133 p=(unsigned char *)&(buf->data[4]); |
| 134 l2n3(l,p); |
| 135 --- openssl-1.0.0b.orig/ssl/s3_clnt.c 2010-11-30 00:03:46.000000000 +0000 |
| 136 +++ openssl-1.0.0b/ssl/s3_clnt.c 2010-11-30 00:03:47.000000000 +0000 |
| 137 @@ -686,6 +686,12 @@ int ssl3_client_hello(SSL *s) |
| 138 #endif |
| 139 (sess->not_resumable)) |
| 140 { |
| 141 + if (!s->session_creation_enabled) |
| 142 + { |
| 143 + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); |
| 144 + SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY
_NOT_BE_CREATED); |
| 145 + goto err; |
| 146 + } |
| 147 if (!ssl_get_new_session(s,0)) |
| 148 goto err; |
| 149 } |
| 150 @@ -894,6 +900,12 @@ int ssl3_get_server_hello(SSL *s) |
| 151 s->hit=0; |
| 152 if (s->session->session_id_length > 0) |
| 153 { |
| 154 + if (!s->session_creation_enabled) |
| 155 + { |
| 156 + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); |
| 157 + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION
_MAY_NOT_BE_CREATED); |
| 158 + goto err; |
| 159 + } |
| 160 if (!ssl_get_new_session(s,0)) |
| 161 { |
| 162 al=SSL_AD_INTERNAL_ERROR; |
| 163 --- openssl-1.0.0b.orig/ssl/s3_srvr.c 2010-11-30 00:03:46.000000000 +0000 |
| 164 +++ openssl-1.0.0b/ssl/s3_srvr.c 2010-11-30 00:03:47.000000000 +0000 |
| 165 @@ -902,6 +902,12 @@ int ssl3_get_client_hello(SSL *s) |
| 166 */ |
| 167 if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_REN
EGOTIATION))) |
| 168 { |
| 169 + if (!s->session_creation_enabled) |
| 170 + { |
| 171 + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE
); |
| 172 + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT
_BE_CREATED); |
| 173 + goto err; |
| 174 + } |
| 175 if (!ssl_get_new_session(s,1)) |
| 176 goto err; |
| 177 } |
| 178 @@ -916,6 +922,12 @@ int ssl3_get_client_hello(SSL *s) |
| 179 goto err; |
| 180 else /* i == 0 */ |
| 181 { |
| 182 + if (!s->session_creation_enabled) |
| 183 + { |
| 184 + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); |
| 185 + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION
_MAY_NOT_BE_CREATED); |
| 186 + goto err; |
| 187 + } |
| 188 if (!ssl_get_new_session(s,1)) |
| 189 goto err; |
| 190 } |
| 191 --- openssl-1.0.0b.orig/ssl/ssl_ciph.c 2010-06-15 17:25:14.000000000 +0000 |
| 192 +++ openssl-1.0.0b/ssl/ssl_ciph.c 2010-11-30 00:03:47.000000000 +0000 |
| 193 @@ -1652,6 +1652,52 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER |
| 194 return(ret); |
| 195 } |
| 196 |
| 197 +/* return string version of key exchange algorithm */ |
| 198 +const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher) |
| 199 + { |
| 200 + switch (cipher->algorithm_mkey) |
| 201 + { |
| 202 + case SSL_kRSA: |
| 203 + return SSL_TXT_RSA; |
| 204 + case SSL_kDHr: |
| 205 + return SSL_TXT_DH "_" SSL_TXT_RSA; |
| 206 + case SSL_kDHd: |
| 207 + return SSL_TXT_DH "_" SSL_TXT_DSS; |
| 208 + case SSL_kEDH: |
| 209 + switch (cipher->algorithm_auth) |
| 210 + { |
| 211 + case SSL_aDSS: |
| 212 + return "DHE_" SSL_TXT_DSS; |
| 213 + case SSL_aRSA: |
| 214 + return "DHE_" SSL_TXT_RSA; |
| 215 + case SSL_aNULL: |
| 216 + return SSL_TXT_DH "_anon"; |
| 217 + default: |
| 218 + return "UNKNOWN"; |
| 219 + } |
| 220 + case SSL_kKRB5: |
| 221 + return SSL_TXT_KRB5; |
| 222 + case SSL_kECDHr: |
| 223 + return SSL_TXT_ECDH "_" SSL_TXT_RSA; |
| 224 + case SSL_kECDHe: |
| 225 + return SSL_TXT_ECDH "_" SSL_TXT_ECDSA; |
| 226 + case SSL_kEECDH: |
| 227 + switch (cipher->algorithm_auth) |
| 228 + { |
| 229 + case SSL_aECDSA: |
| 230 + return "ECDHE_" SSL_TXT_ECDSA; |
| 231 + case SSL_aRSA: |
| 232 + return "ECDHE_" SSL_TXT_RSA; |
| 233 + case SSL_aNULL: |
| 234 + return SSL_TXT_ECDH "_anon"; |
| 235 + default: |
| 236 + return "UNKNOWN"; |
| 237 + } |
| 238 + default: |
| 239 + return "UNKNOWN"; |
| 240 + } |
| 241 + } |
| 242 + |
| 243 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) |
| 244 { |
| 245 SSL_COMP *ctmp; |
| 246 --- openssl-1.0.0b.orig/ssl/ssl_err.c 2010-11-30 00:03:46.000000000 +0000 |
| 247 +++ openssl-1.0.0b/ssl/ssl_err.c 2010-11-30 00:03:47.000000000 +0000 |
| 248 @@ -465,6 +465,7 @@ static ERR_STRING_DATA SSL_str_reasons[] |
| 249 {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegot
iating"}, |
| 250 {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, |
| 251 {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uniniti
alized"}, |
| 252 +{ERR_REASON(SSL_R_SESSION_MAY_NOT_BE_CREATED),"session may not be created"}, |
| 253 {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, |
| 254 {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non sig
ning certificate"}, |
| 255 {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}
, |
| 256 --- openssl-1.0.0b.orig/ssl/ssl_lib.c 2010-11-30 00:03:46.000000000 +0000 |
| 257 +++ openssl-1.0.0b/ssl/ssl_lib.c 2010-11-30 00:03:47.000000000 +0000 |
| 258 @@ -326,6 +326,7 @@ SSL *SSL_new(SSL_CTX *ctx) |
| 259 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); |
| 260 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); |
| 261 s->verify_callback=ctx->default_verify_callback; |
| 262 + s->session_creation_enabled=1; |
| 263 s->generate_session_id=ctx->generate_session_id; |
| 264 |
| 265 s->param = X509_VERIFY_PARAM_new(); |
| 266 @@ -1311,6 +1312,32 @@ int SSL_set_cipher_list(SSL *s,const cha |
| 267 return 1; |
| 268 } |
| 269 |
| 270 +/** specify the ciphers to be used by the SSL */ |
| 271 +int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk) |
| 272 + { |
| 273 + STACK_OF(SSL_CIPHER) *tmp_cipher_list; |
| 274 + |
| 275 + if (sk == NULL) |
| 276 + return 0; |
| 277 + |
| 278 + /* Based on end of ssl_create_cipher_list */ |
| 279 + tmp_cipher_list = sk_SSL_CIPHER_dup(sk); |
| 280 + if (tmp_cipher_list == NULL) |
| 281 + { |
| 282 + return 0; |
| 283 + } |
| 284 + if (s->cipher_list != NULL) |
| 285 + sk_SSL_CIPHER_free(s->cipher_list); |
| 286 + s->cipher_list = sk; |
| 287 + if (s->cipher_list_by_id != NULL) |
| 288 + sk_SSL_CIPHER_free(s->cipher_list_by_id); |
| 289 + s->cipher_list_by_id = tmp_cipher_list; |
| 290 + (void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_
cmp); |
| 291 + |
| 292 + sk_SSL_CIPHER_sort(s->cipher_list_by_id); |
| 293 + return 1; |
| 294 + } |
| 295 + |
| 296 /* works well for SSLv2, not so good for SSLv3 */ |
| 297 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) |
| 298 { |
| 299 @@ -2551,18 +2578,45 @@ SSL_METHOD *ssl_bad_method(int ver) |
| 300 return(NULL); |
| 301 } |
| 302 |
| 303 -const char *SSL_get_version(const SSL *s) |
| 304 +static const char *ssl_get_version(int version) |
| 305 { |
| 306 - if (s->version == TLS1_VERSION) |
| 307 + if (version == TLS1_VERSION) |
| 308 return("TLSv1"); |
| 309 - else if (s->version == SSL3_VERSION) |
| 310 + else if (version == SSL3_VERSION) |
| 311 return("SSLv3"); |
| 312 - else if (s->version == SSL2_VERSION) |
| 313 + else if (version == SSL2_VERSION) |
| 314 return("SSLv2"); |
| 315 else |
| 316 return("unknown"); |
| 317 } |
| 318 |
| 319 +const char *SSL_get_version(const SSL *s) |
| 320 + { |
| 321 + return ssl_get_version(s->version); |
| 322 + } |
| 323 + |
| 324 +const char *SSL_SESSION_get_version(const SSL_SESSION *s) |
| 325 + { |
| 326 + return ssl_get_version(s->ssl_version); |
| 327 + } |
| 328 + |
| 329 +const char* SSL_authentication_method(const SSL* ssl) |
| 330 + { |
| 331 + if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL) |
| 332 + return SSL_TXT_RSA "_" SSL_TXT_EXPORT; |
| 333 + switch (ssl->version) |
| 334 + { |
| 335 + case SSL2_VERSION: |
| 336 + return SSL_TXT_RSA; |
| 337 + case SSL3_VERSION: |
| 338 + case TLS1_VERSION: |
| 339 + case DTLS1_VERSION: |
| 340 + return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher)
; |
| 341 + default: |
| 342 + return "UNKNOWN"; |
| 343 + } |
| 344 + } |
| 345 + |
| 346 SSL *SSL_dup(SSL *s) |
| 347 { |
| 348 STACK_OF(X509_NAME) *sk; |
| 349 --- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-30 00:03:46.000000000 +0000 |
| 350 +++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-30 00:03:47.000000000 +0000 |
| 351 @@ -456,6 +456,7 @@ |
| 352 typedef struct cert_pkey_st |
| 353 { |
| 354 X509 *x509; |
| 355 + STACK_OF(X509) *cert_chain; |
| 356 EVP_PKEY *privatekey; |
| 357 } CERT_PKEY; |
| 358 |
| 359 --- openssl-1.0.0b.orig/ssl/ssl_rsa.c 2009-09-12 23:09:26.000000000 +0000 |
| 360 +++ openssl-1.0.0b/ssl/ssl_rsa.c 2010-11-30 00:03:47.000000000 +0000 |
| 361 @@ -697,6 +697,42 @@ int SSL_CTX_use_PrivateKey_ASN1(int type |
| 362 } |
| 363 |
| 364 |
| 365 +int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain) |
| 366 + { |
| 367 + if (ssl == NULL) |
| 368 + { |
| 369 + SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,ERR_R_PASSED_NULL_PARAMET
ER); |
| 370 + return(0); |
| 371 + } |
| 372 + if (ssl->cert == NULL) |
| 373 + { |
| 374 + SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSI
GNED); |
| 375 + return(0); |
| 376 + } |
| 377 + if (ssl->cert->key == NULL) |
| 378 + { |
| 379 + SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSI
GNED); |
| 380 + return(0); |
| 381 + } |
| 382 + ssl->cert->key->cert_chain = cert_chain; |
| 383 + return(1); |
| 384 + } |
| 385 + |
| 386 +STACK_OF(X509) *SSL_get_certificate_chain(SSL *ssl, X509 *x) |
| 387 + { |
| 388 + int i; |
| 389 + if (x == NULL) |
| 390 + return NULL; |
| 391 + if (ssl == NULL) |
| 392 + return NULL; |
| 393 + if (ssl->cert == NULL) |
| 394 + return NULL; |
| 395 + for (i = 0; i < SSL_PKEY_NUM; i++) |
| 396 + if (ssl->cert->pkeys[i].x509 == x) |
| 397 + return ssl->cert->pkeys[i].cert_chain; |
| 398 + return NULL; |
| 399 + } |
| 400 + |
| 401 #ifndef OPENSSL_NO_STDIO |
| 402 /* Read a file that contains our certificate in "PEM" format, |
| 403 * possibly followed by a sequence of CA certificates that should be |
| 404 --- openssl-1.0.0b.orig/ssl/ssl_sess.c 2010-02-01 16:49:42.000000000 +0000 |
| 405 +++ openssl-1.0.0b/ssl/ssl_sess.c 2010-11-30 00:03:47.000000000 +0000 |
| 406 @@ -261,6 +261,11 @@ static int def_generate_session_id(const |
| 407 return 0; |
| 408 } |
| 409 |
| 410 +void SSL_set_session_creation_enabled (SSL *s, int creation_enabled) |
| 411 + { |
| 412 + s->session_creation_enabled = creation_enabled; |
| 413 + } |
| 414 + |
| 415 int ssl_get_new_session(SSL *s, int session) |
| 416 { |
| 417 /* This gets used by clients and servers. */ |
| 418 @@ -269,6 +274,8 @@ int ssl_get_new_session(SSL *s, int sess |
| 419 SSL_SESSION *ss=NULL; |
| 420 GEN_SESSION_CB cb = def_generate_session_id; |
| 421 |
| 422 + /* caller should check this if they can do better error handling */ |
| 423 + if (!s->session_creation_enabled) return(0); |
| 424 if ((ss=SSL_SESSION_new()) == NULL) return(0); |
| 425 |
| 426 /* If the context has a default timeout, use it */ |
OLD | NEW |