Diffstat (limited to 'src')
-rw-r--r--src/tls/tls_server.cpp2
-rw-r--r--src/tls/tls_session_manager.cpp46
-rw-r--r--src/tls/tls_session_manager.h32
3 files changed, 57 insertions, 23 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 1d96f5631..f0d1fb361 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -40,7 +40,7 @@ bool check_for_resume(TLS_Session& session_info,
return false;
// not found
- if(!session_manager.find(client_session_id, session_info))
+ if(!session_manager.load_from_session_id(client_session_id, session_info))
return false;
// wrong version
diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp
index 05a092426..7503b7c28 100644
--- a/src/tls/tls_session_manager.cpp
+++ b/src/tls/tls_session_manager.cpp
@@ -11,11 +11,10 @@
namespace Botan {
-bool TLS_Session_Manager_In_Memory::find(const MemoryVector<byte>& session_id,
- TLS_Session& params)
+bool TLS_Session_Manager_In_Memory::load_from_session_str(
+ const std::string& session_str, TLS_Session& session)
{
- std::map<std::string, TLS_Session>::iterator i =
- sessions.find(hex_encode(session_id));
+ std::map<std::string, TLS_Session>::iterator i = sessions.find(session_str);
if(i == sessions.end())
return false;
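Review bot: The new private helper `load_from_session_str` at the top of this hunk expects the already hex-encoded session id (the key form `sessions` is indexed by, as the `load_from_session_id` wrapper in the next hunk shows), but nothing at the definition says so, and a future caller handing it raw id bytes would just miss silently. Suggest a comment above the definition: `// session_str is hex_encode(session_id), the key form used by the sessions map`. The body of `load_from_session_str` continues past the end of this hunk.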
@@ -28,17 +27,39 @@ bool TLS_Session_Manager_In_Memory::find(const MemoryVector<byte>& session_id,
return false;
}
- params = i->second;
+ session = i->second;
return true;
}
-bool TLS_Session_Manager_In_Memory::find(const std::string& hostname, u16bit port,
- TLS_Session& params)
+bool TLS_Session_Manager_In_Memory::load_from_session_id(
+ const MemoryVector<byte>& session_id, TLS_Session& session)
{
+ return load_from_session_str(hex_encode(session_id), session);
+ }
+
+bool TLS_Session_Manager_In_Memory::load_from_host_info(
+ const std::string& hostname, u16bit port, TLS_Session& session)
+ {
+ std::map<std::string, std::string>::iterator i;
+
+ if(port > 0)
+ i = host_sessions.find(hostname + ":" + to_string(port));
+ else
+ i = host_sessions.find(hostname);
+
+ if(i == host_sessions.end())
+ return false;
+
+ if(load_from_session_str(i->second, session))
+ return true;
+
+ // was removed from sessions map, remove host_sessions entry
+ host_sessions.erase(i);
+
return false;
}
-void TLS_Session_Manager_In_Memory::prohibit_resumption(
+void TLS_Session_Manager_In_Memory::remove_entry(
const MemoryVector<byte>& session_id)
{
std::map<std::string, TLS_Session>::iterator i =
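Review bot: `load_from_host_info` looks up `hostname + ":" + to_string(port)` whenever port is non-zero, but the only writer of `host_sessions` in this diff (`save`, later in this file) stores entries under `session.sni_hostname()` alone, so a client that passes its real port never gets a resumption hit unless the SNI string already carries a port, which it normally would not. Either `save` should also record the port-qualified key (TLS_Session does not visibly expose a port here, so that may need a new field) or the `port > 0` branch should go and the interface be documented as hostname-only. The lazy cleanup at the end of the function is reasonable, but `load_from_session_str` also returns false for an entry that was found and then rejected (the `return false` just above `session = i->second`), so its comment is more accurate as `// entry is stale or no longer resumable; drop the host mapping`. `remove_entry` starts at the bottom of this hunk and continues past it.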
@@ -48,7 +69,7 @@ void TLS_Session_Manager_In_Memory::prohibit_resumption(
sessions.erase(i);
}
-void TLS_Session_Manager_In_Memory::save(const TLS_Session& session_data)
+void TLS_Session_Manager_In_Memory::save(const TLS_Session& session)
{
if(max_sessions != 0)
{
@@ -60,7 +81,12 @@ void TLS_Session_Manager_In_Memory::save(const TLS_Session& session_data)
sessions.erase(sessions.begin());
}
- sessions[hex_encode(session_data.session_id())] = session_data;
+ const std::string session_id_str = hex_encode(session.session_id());
+
+ sessions[session_id_str] = session;
+
+ if(session.side() == CLIENT && session.sni_hostname() != "")
+ host_sessions[session.sni_hostname()] = session_id_str;
}
}
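Review bot: The `max_sessions` cap enforced above (`sessions.erase(sessions.begin())`) bounds only `sessions`; the new `host_sessions` insert at the bottom of this hunk has no cap, and its only removal path is the lazy one in `load_from_host_info`, which fires only when that same host is looked up again. A long-lived client that talks to many distinct hosts therefore accumulates hostname-to-stale-id entries without bound. Evicting the reverse mapping alongside the session fixes this; compare the stored id first so a newer session for the same host is not dropped. The head of the eviction loop is outside the hunk, so its exact condition is not visible here.
```cpp
// … unchanged: max_sessions check and eviction loop head …
      const std::map<std::string, TLS_Session>::iterator victim = sessions.begin();
      std::map<std::string, std::string>::iterator h =
         host_sessions.find(victim->second.sni_hostname());
      // only drop the host mapping if it still refers to the evicted id
      if(h != host_sessions.end() && h->second == victim->first)
         host_sessions.erase(h);
      sessions.erase(victim);
```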
diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h
index e2b66afb5..b30de7364 100644
--- a/src/tls/tls_session_manager.h
+++ b/src/tls/tls_session_manager.h
@@ -17,6 +17,9 @@ namespace Botan {
* TLS_Session_Manager is an interface to systems which can save
* session parameters for supporting session resumption.
*
+* Saving sessions is done on a best-effort basis; an implementation is
+* allowed to drop sessions due to space constraints.
+*
* Implementations should strive to be thread safe
*/
class BOTAN_DLL TLS_Session_Manager
@@ -29,8 +32,8 @@ class BOTAN_DLL TLS_Session_Manager
or not modified if not found
* @return true if params was modified
*/
- virtual bool find(const MemoryVector<byte>& session_id,
- TLS_Session& params) = 0;
+ virtual bool load_from_session_id(const MemoryVector<byte>& session_id,
+ TLS_Session& params) = 0;
/**
* Try to load a saved session (client side)
@@ -40,13 +43,13 @@ class BOTAN_DLL TLS_Session_Manager
or not modified if not found
* @return true if params was modified
*/
- virtual bool find(const std::string& hostname, u16bit port,
- TLS_Session& params) = 0;
+ virtual bool load_from_host_info(const std::string& hostname, u16bit port,
+ TLS_Session& params) = 0;
/**
- * Prohibit resumption of this session. Effectively an erase.
+ * Remove this session id from the cache
*/
- virtual void prohibit_resumption(const MemoryVector<byte>& session_id) = 0;
+ virtual void remove_entry(const MemoryVector<byte>& session_id) = 0;
/**
* Save a session on a best effort basis; the manager may not in
@@ -83,19 +86,24 @@ class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager
session_lifetime(session_lifetime)
{}
- bool find(const MemoryVector<byte>& session_id,
- TLS_Session& params);
+ bool load_from_session_id(const MemoryVector<byte>& session_id,
+ TLS_Session& params);
- bool find(const std::string& hostname, u16bit port,
- TLS_Session& params);
+ bool load_from_host_info(const std::string& hostname, u16bit port,
+ TLS_Session& params);
- void prohibit_resumption(const MemoryVector<byte>& session_id);
+ void remove_entry(const MemoryVector<byte>& session_id);
void save(const TLS_Session& session_data);
private:
+ bool load_from_session_str(const std::string& session_str,
+ TLS_Session& params);
+
size_t max_sessions, session_lifetime;
- std::map<std::string, TLS_Session> sessions;
+
+ std::map<std::string, TLS_Session> sessions; // hex(session_id) -> session
+ std::map<std::string, std::string> host_sessions;
};
}
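Review bot: The new `host_sessions` member is declared without stating its key and value, while the sibling `sessions` gained `// hex(session_id) -> session`; from `save` in the .cpp it holds `sni_hostname() -> hex(session_id)` for CLIENT-side sessions only, so `std::map<std::string, std::string> host_sessions; // sni hostname -> hex(session_id), client sessions only` would document it. Separately, the interface comment a few hunks up says implementations should strive to be thread safe, yet as far as this diff shows nothing guards either map and `load_from_host_info` now mutates both in one call; if one manager instance is shared across connections that is a data race, pre-existing for `sessions` but widened by the second map. If adding a lock is out of scope, a `// NOTE: not internally synchronized; callers must serialize access` on the class would at least make the contract explicit.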