author | lloyd <[email protected]> | 2012-04-04 15:09:51 +0000 |
committer | lloyd <[email protected]> | 2012-04-04 15:09:51 +0000 |
commit | f5d35f360a04acef3ad19b0abf9a830b0d52d5d8 (patch) | |
tree | ca23d42ebea4bdfb716e4b552b7befe1f494a53c /src/tls/tls_messages.h | |
parent | 0b7fb2651b187097e9c89e37e2672ff28830371a (diff) |
Limit the lifetime of tickets to Policy::session_ticket_lifetime()
seconds and report that value to the client in the NewSessionTicket
message. After that point, a session ticket is ignored and a full
renegotiation is forced.
Only send a new session ticket on a new session, or on a resumed
session where the client indicated it supports session tickets but for
whatever reason didn't send one in the hello. Perhaps in this case, we
should also remove the session from the session manager?
Clean up server selection of the ciphersuite a bit, all in an anon
function in tls_server instead of scattered over Server, Policy, and
Server_Hello.
Add Session::session_age and Session_Manager::session_lifetime
Diffstat (limited to 'src/tls/tls_messages.h')
-rw-r--r-- | src/tls/tls_messages.h | 33 |
1 files changed, 10 insertions, 23 deletions
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 2f8af5fd2..920a1c7a7 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -163,10 +163,10 @@ class Server_Hello : public Handshake_Message
 {
 public:
 Handshake_Type type() const { return SERVER_HELLO; }
- Protocol_Version version() { return s_version; }
+ Protocol_Version version() { return m_version; }
 const MemoryVector<byte>& session_id() const { return m_session_id; }
- u16bit ciphersuite() const { return suite; }
- byte compression_method() const { return comp_method; }
+ u16bit ciphersuite() const { return m_ciphersuite; }
+ byte compression_method() const { return m_comp_method; }
 std::vector<byte> session_id_vector() const
 {
@@ -189,20 +189,7 @@ class Server_Hello : public Handshake_Message
 const MemoryVector<byte>& renegotiation_info() { return m_renegotiation_info; }
- const MemoryVector<byte>& random() const { return s_random; }
-
- Server_Hello(Record_Writer& writer,
- Handshake_Hash& hash,
- Protocol_Version version,
- const Client_Hello& other,
- const std::vector<std::string>& available_cert_types,
- const Policy& policies,
- bool have_session_ticket_key,
- bool client_has_secure_renegotiation,
- const MemoryRegion<byte>& reneg_info,
- bool client_has_npn,
- const std::vector<std::string>& next_protocols,
- RandomNumberGenerator& rng);
+ const MemoryVector<byte>& random() const { return m_random; }
 Server_Hello(Record_Writer& writer,
 Handshake_Hash& hash,
@@ -213,7 +200,7 @@ class Server_Hello : public Handshake_Message
 size_t max_fragment_size,
 bool client_has_secure_renegotiation,
 const MemoryRegion<byte>& reneg_info,
- bool client_supports_session_tickets,
+ bool offer_session_ticket,
 bool client_has_npn,
 const std::vector<std::string>& next_protocols,
 RandomNumberGenerator& rng);
@@ -222,10 +209,10 @@ class Server_Hello : public Handshake_Message
 private:
 MemoryVector<byte> serialize() const;
- Protocol_Version s_version;
- MemoryVector<byte> m_session_id, s_random;
- u16bit suite;
- byte comp_method;
+ Protocol_Version m_version;
+ MemoryVector<byte> m_session_id, m_random;
+ u16bit m_ciphersuite;
+ byte m_comp_method;
 size_t m_fragment_size;
 bool m_secure_renegotiation;
@@ -479,7 +466,7 @@ class New_Session_Ticket : public Handshake_Message
 New_Session_Ticket(Record_Writer& writer,
 Handshake_Hash& hash,
 const MemoryRegion<byte>& ticket,
- u32bit lifetime = 0);
+ u32bit lifetime);
 New_Session_Ticket(Record_Writer& writer,
 Handshake_Hash& hash); |
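Review bot: The `u32bit lifetime` parameter of the four-argument New_Session_Ticket constructor is undocumented, and dropping the `= 0` default now forces every caller to supply a value without the header saying what unit it is in or what zero means. I would annotate the declaration: `u32bit lifetime); // ticket_lifetime_hint in seconds (RFC 5077 §3.3); 0 means the server states no lifetime`. The value sent here is only a hint the client may ignore, so the expiry described in the commit message (ignore the ticket and force a full handshake after Policy::session_ticket_lifetime()) must be enforced on the server from the ticket's own issue time; that enforcement presumably lives in the session manager and is not visible in this hunk, which is worth stating in the comment so nobody reads this field as the control. The New_Session_Ticket class begins before the hunk and its closing brace is outside it.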