path: root/src/tls/tls_session_manager.cpp
Commit message [Author, Age, Files, Lines]
* Add TLS::Server_Information to encapsulate the hostname/port pair. [lloyd, 2012-10-13, 1, -18/+13]
|   Add a service identifier as well, to help out clients which may want to negotiate multiple protocols over a single port and need to keep the sessions disambiguated. Not sure if that is useful, but it might be.
* In the in-memory session manager, choose a random key at startup and [lloyd, 2012-08-05, 1, -4/+21]
|   encrypt all of the sessions, decrypting before return. This minimizes load on the locked memory (48 bytes master secret per session, vs 32 bytes for a single master key). It might also make recovering session data from memory dumps a little bit harder though this isn't worth counting on IMO
* Add an optional parameter to TLS::Client specifying the port number. [lloyd, 2012-07-12, 1, -10/+13]
|   Pass this down into the session managers. Also document how to use session tickets with TLS servers.
* Generate new session IDs in the same format as hello randoms, with the [lloyd, 2012-06-10, 1, -2/+2]
|   first 4 bytes a timestamp. Conveniently this means removing the lexicographically first session id from a cache is removing the oldest session.
* Fairly huge update that replaces the old secmem types with std::vector [lloyd, 2012-05-18, 1, -2/+2]
|   using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
* Huge pile of post merge fixups, mtn really fucked that merge [lloyd, 2012-04-25, 1, -15/+15]
|
* propagate from branch 'net.randombit.botan.tls-state-machine' (head [lloyd, 2012-04-25, 1, -6/+6]
|\    a4741cd07f50a9e1b29b0dd97c6fb8697c038ade) to branch 'net.randombit.botan.cxx11' (head 116e5ff139c07000be431e07d3472cc8f3919b91)
| * Limit the lifetime of tickets to Policy::session_ticket_lifetime() [lloyd, 2012-04-04, 1, -17/+17]
| |   seconds and report that value to the client in the NewSessionTicket message. After that point, a session ticket is ignored and a full renegotiation is forced. Only send a new session ticket on a new session, or on a resumed session where the client indicated it supports session tickets but for whatever reason didn't send one in the hello. Perhaps in this case, we should also remove the session from the session manager? Clean up server selection of the ciphersuite a bit, all in an anon function in tls_server instead of scattered over Server, Policy, and Server_Hello. Add Session::session_age and Session_Manager::session_lifetime
* | Merge fixups. Add locking to default session manager. Use chrono lib [lloyd, 2012-02-20, 1, -7/+17]
|/    and unique_ptr.
* Since this branch is hugely API breaking already, go ahead and put [lloyd, 2012-01-23, 1, -10/+14]
|   everything into a new namespace (Botan::TLS), removing the TLS_ prefixes on everything.
* Split hello.cpp into c_hello.cpp and s_hello.cpp [lloyd, 2012-01-04, 1, -2/+0]
|   Add support for NPN on the server side. Server is initialized with the list of protocols it wants to offer, once the handshake completes the client requested protocol is available via a getter.
* Add support for client-side session resumption [lloyd, 2011-12-31, 1, -3/+5]
|
* Better names on the session manager. Plausible client lookup support, [lloyd, 2011-12-30, 1, -10/+36]
|   untested though.
* Rename the session type to 'TLS_Session'. Split the manager out into [lloyd, 2011-12-30, 1, -0/+66]
    its own file. Rename tls_state to tls_handshake_state.