diff options
author | lloyd <[email protected]> | 2011-12-30 21:26:20 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2011-12-30 21:26:20 +0000 |
commit | bf41971fe4ee6a38609e0ea142010b03017e0329 (patch) | |
tree | e7d1f62c6139ae345382b853243631dc8b865bce /src | |
parent | 2920f1be500d53414b863ec61ca9c2008336479f (diff) |
Better names on the session manager. Plausible client lookup support,
untested though.
Diffstat (limited to 'src')
-rw-r--r-- | src/tls/tls_server.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_session_manager.cpp | 46 | ||||
-rw-r--r-- | src/tls/tls_session_manager.h | 32 |
3 files changed, 57 insertions, 23 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 1d96f5631..f0d1fb361 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -40,7 +40,7 @@ bool check_for_resume(TLS_Session& session_info, return false; // not found - if(!session_manager.find(client_session_id, session_info)) + if(!session_manager.load_from_session_id(client_session_id, session_info)) return false; // wrong version diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 05a092426..7503b7c28 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -11,11 +11,10 @@ namespace Botan { -bool TLS_Session_Manager_In_Memory::find(const MemoryVector<byte>& session_id, - TLS_Session& params) +bool TLS_Session_Manager_In_Memory::load_from_session_str( + const std::string& session_str, TLS_Session& session) { - std::map<std::string, TLS_Session>::iterator i = - sessions.find(hex_encode(session_id)); + std::map<std::string, TLS_Session>::iterator i = sessions.find(session_str); if(i == sessions.end()) return false; @@ -28,17 +27,39 @@ bool TLS_Session_Manager_In_Memory::find(const MemoryVector<byte>& session_id, return false; } - params = i->second; + session = i->second; return true; } -bool TLS_Session_Manager_In_Memory::find(const std::string& hostname, u16bit port, - TLS_Session& params) +bool TLS_Session_Manager_In_Memory::load_from_session_id( + const MemoryVector<byte>& session_id, TLS_Session& session) { + return load_from_session_str(hex_encode(session_id), session); + } + +bool TLS_Session_Manager_In_Memory::load_from_host_info( + const std::string& hostname, u16bit port, TLS_Session& session) + { + std::map<std::string, std::string>::iterator i; + + if(port > 0) + i = host_sessions.find(hostname + ":" + to_string(port)); + else + i = host_sessions.find(hostname); + + if(i == host_sessions.end()) + return false; + + if(load_from_session_str(i->second, session)) + return true; + + // was removed from sessions map, remove host_sessions entry + host_sessions.erase(i); + return false; } -void TLS_Session_Manager_In_Memory::prohibit_resumption( +void TLS_Session_Manager_In_Memory::remove_entry( const MemoryVector<byte>& session_id) { std::map<std::string, TLS_Session>::iterator i = @@ -48,7 +69,7 @@ void TLS_Session_Manager_In_Memory::prohibit_resumption( sessions.erase(i); } -void TLS_Session_Manager_In_Memory::save(const TLS_Session& session_data) +void TLS_Session_Manager_In_Memory::save(const TLS_Session& session) { if(max_sessions != 0) { @@ -60,7 +81,12 @@ void TLS_Session_Manager_In_Memory::save(const TLS_Session& session_data) sessions.erase(sessions.begin()); } - sessions[hex_encode(session_data.session_id())] = session_data; + const std::string session_id_str = hex_encode(session.session_id()); + + sessions[session_id_str] = session; + + if(session.side() == CLIENT && session.sni_hostname() != "") + host_sessions[session.sni_hostname()] = session_id_str; } } diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index e2b66afb5..b30de7364 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -17,6 +17,9 @@ namespace Botan { * TLS_Session_Manager is an interface to systems which can save * session parameters for supporting session resumption. * +* Saving sessions is done on a best-effort basis; an implementation is +* allowed to drop sessions due to space constraints. +* * Implementations should strive to be thread safe */ class BOTAN_DLL TLS_Session_Manager @@ -29,8 +32,8 @@ class BOTAN_DLL TLS_Session_Manager or not modified if not found * @return true if params was modified */ - virtual bool find(const MemoryVector<byte>& session_id, - TLS_Session& params) = 0; + virtual bool load_from_session_id(const MemoryVector<byte>& session_id, + TLS_Session& params) = 0; /** * Try to load a saved session (client side) @@ -40,13 +43,13 @@ class BOTAN_DLL TLS_Session_Manager or not modified if not found * @return true if params was modified */ - virtual bool find(const std::string& hostname, u16bit port, - TLS_Session& params) = 0; + virtual bool load_from_host_info(const std::string& hostname, u16bit port, + TLS_Session& params) = 0; /** - * Prohibit resumption of this session. Effectively an erase. + * Remove this session id from the cache */ - virtual void prohibit_resumption(const MemoryVector<byte>& session_id) = 0; + virtual void remove_entry(const MemoryVector<byte>& session_id) = 0; /** * Save a session on a best effort basis; the manager may not in @@ -83,19 +86,24 @@ class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager session_lifetime(session_lifetime) {} - bool find(const MemoryVector<byte>& session_id, - TLS_Session& params); + bool load_from_session_id(const MemoryVector<byte>& session_id, + TLS_Session& params); - bool find(const std::string& hostname, u16bit port, - TLS_Session& params); + bool load_from_host_info(const std::string& hostname, u16bit port, + TLS_Session& params); - void prohibit_resumption(const MemoryVector<byte>& session_id); + void remove_entry(const MemoryVector<byte>& session_id); void save(const TLS_Session& session_data); private: + bool load_from_session_str(const std::string& session_str, + TLS_Session& params); + size_t max_sessions, session_lifetime; - std::map<std::string, TLS_Session> sessions; + + std::map<std::string, TLS_Session> sessions; // hex(session_id) -> session + std::map<std::string, std::string> host_sessions; }; } |