Limit the lifetime of tickets to Policy::session_ticket_lifetime()

seconds and report that value to the client in the NewSessionTicket
message. After that point, a session ticket is ignored and a full
renegotiation is forced.

Only send a new session ticket on a new session, or on a resumed
session where the client indicated it supports session tickets but for
whatever reason didn't send one in the hello. Perhaps in this case, we
should also remove the session from the session manager?

Clean up server selection of the ciphersuite a bit, all in an anon
function in tls_server instead of scattered over Server, Policy, and
Server_Hello.

Add Session::session_age and Session_Manager::session_lifetime

1 files changed, 9 insertions, 4 deletions

diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp
index 1ca4e3eb4..59ab64374 100644
--- a/src/tls/tls_extensions.cpp
+++ b/src/tls/tls_extensions.cpp
@@ -468,11 +468,16 @@ MemoryVector<byte> Signature_Algorithms::serialize() const
 
    for(size_t i = 0; i != m_supported_algos.size(); ++i)
       {
-      if(m_supported_algos[i].second == "")
-         continue;
+      try
+         {
+         const byte hash_code = hash_algo_code(m_supported_algos[i].first);
+         const byte sig_code = sig_algo_code(m_supported_algos[i].second);
 
-      buf.push_back(hash_algo_code(m_supported_algos[i].first));
-      buf.push_back(sig_algo_code(m_supported_algos[i].second));
+         buf.push_back(hash_code);
+         buf.push_back(sig_code);
+         }
+      catch(...)
+         {}
       }
 
    buf[0] = get_byte<u16bit>(0, buf.size()-2);