diff --git a/ChangeLog b/ChangeLog index e9dc52c86..796ff2212 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,10 +38,10 @@ Features ServerHello. * Add new configuration option MBEDTLS_SSL_PROTO_NO_TLS that enables code size savings in configurations where only DTLS is used. - * Add new configuration option MBEDTLS_SSL_SESSION_CACHE that can be used - to enable/disable cache based session resumption - * Add new configuration option MBEDTLS_SSL_SESSION_RESUMPTION that can be - used to enable/disable session resumption feature entirely. + * Add new configuration option MBEDTLS_SSL_NO_SESSION_CACHE that can be used + to disable cache based session resumption + * Add new configuration option MBEDTLS_SSL_NO_SESSION_RESUMPTION that can be + used to disable session resumption feature entirely. API Changes * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. diff --git a/configs/baremetal.h b/configs/baremetal.h index cd0202eaa..b8bf3e0f1 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -71,8 +71,8 @@ #define MBEDTLS_SSL_TLS_C #define MBEDTLS_SSL_PROTO_TLS1_2 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#define MBEDTLS_SSL_SESSION_CACHE -#define MBEDTLS_SSL_SESSION_RESUMPTION +#define MBEDTLS_SSL_NO_SESSION_CACHE +#define MBEDTLS_SSL_NO_SESSION_RESUMPTION #define MBEDTLS_SSL_COOKIE_C #define MBEDTLS_SSL_PROTO_DTLS #define MBEDTLS_SSL_PROTO_NO_TLS diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 27dd8aab9..030236a0a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
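Review bot: In configs/baremetal.h the two renamed lines keep the macros defined, so under the new negative names this configuration goes from resumption and session cache enabled to both disabled; a pure rename would delete `#define MBEDTLS_SSL_SESSION_CACHE` and `#define MBEDTLS_SSL_SESSION_RESUMPTION` rather than add `#define MBEDTLS_SSL_NO_SESSION_CACHE` and `#define MBEDTLS_SSL_NO_SESSION_RESUMPTION`. The same polarity flip appears in include/mbedtls/config.h, where both `NO_` macros ship defined and `MBEDTLS_SSL_SESSION_TICKETS` is commented out, which turns resumption off in the default build. If that is intended, the ChangeLog entry should say that the defaults changed; as written it only announces the new option names. With these defaults every ssl-opt.sh case gated by `requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION` would presumably be skipped, and `component_test_no_resumption` in tests/scripts/all.sh would no longer differ from the default build, so the resumption paths lose test coverage.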
@@ -671,10 +671,14 @@ #error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites" #endif -#if ( defined(MBEDTLS_SSL_SESSION_TICKETS) || \ - defined(MBEDTLS_SSL_SESSION_CACHE) ) && \ - !defined(MBEDTLS_SSL_SESSION_RESUMPTION) -#error "MBEDTLS_SSL_SESSION_TICKETS/MBEDTLS_SSL_SESSION_CACHE cannot be defined without MBEDTLS_SSL_SESSION_RESUMPTION" +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) +#error "MBEDTLS_SSL_SESSION_TICKETS cannot be defined with MBEDTLS_SSL_NO_SESSION_RESUMPTION" +#endif + +#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE) && \ + defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) +#error "MBEDTLS_NO_SESSION_CACHE needs to be defined with MBEDTLS_SSL_NO_SESSION_RESUMPTION" #endif #if defined(MBEDTLS_THREADING_PTHREAD) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index cfb2094da..5f2028a9f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
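Review bot: The second added `#error` text names `MBEDTLS_NO_SESSION_CACHE`, which is not the macro tested two lines above it (`MBEDTLS_SSL_NO_SESSION_CACHE`), so someone hitting the error will search for an option that does not exist. The message should read `#error "MBEDTLS_SSL_NO_SESSION_CACHE needs to be defined with MBEDTLS_SSL_NO_SESSION_RESUMPTION"`. A one-line comment above the two checks, such as `/* Disabling resumption rules out both resumption mechanisms: tickets and the server-side cache. */`, would make the dependency direction explicit.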
@@ -1664,34 +1664,60 @@ * tickets, including authenticated encryption and key management. Example * callbacks are provided by MBEDTLS_SSL_TICKET_C. * - * Requires: MBEDTLS_SSL_SESSION_RESUMPTION + * Requires: !MBEDTLS_SSL_NO_SESSION_RESUMPTION * * Comment this macro to disable support for SSL session tickets */ -#define MBEDTLS_SSL_SESSION_TICKETS +//#define MBEDTLS_SSL_SESSION_TICKETS /** - * \def MBEDTLS_SSL_SESSION_CACHE + * \def MBEDTLS_SSL_NO_SESSION_CACHE * - * Enable support for cache based session resumption. + * Disable support for cache based session resumption. * - * Requires: MBEDTLS_SSL_SESSION_RESUMPTION + * This option is only about the server-side support of the session caches. + * Client will only need the MBEDTLS_SSL_SESSION_RESUMPTION to support + * cache based session resumption. * - * Comment this macro to disable support for SSL session cache + * Server-side, you also need to provide callbacks for storing and reading + * sessions from cache. Example callbacks are provided by MBEDTLS_SSL_CACHE_C. + * + * If MBEDTLS_SSL_NO_SESSION_RESUMPTION is defined, this needs to be defined + * as well. + * + * Uncomment this macro to disable support for SSL session cache */ -#define MBEDTLS_SSL_SESSION_CACHE +#define MBEDTLS_SSL_NO_SESSION_CACHE /** - * \def MBEDTLS_SSL_SESSION_RESUMPTION + * \def MBEDTLS_SSL_NO_SESSION_RESUMPTION * - * Enable support for session resumption. This is the main feature flag and - * enabling this allow to enable following flags: - * MBEDTLS_SSL_SESSION_TICKETS - * MBEDTLS_SSL_SESSION_CACHE + * Disable support for session resumption. This is useful in constrained + * devices where session resumption isn't used. * - * Comment this macro to disable support for SSL session resumption + * \note Session resumption is part of the TLS standard, disabling this + * option means that the full implementation of the standard is no longer + * used. 
This shouldn't cause any interoperability issues as by the standard + * mandates that peers who want to resume a session need to be prepared to + * fall back to a full handshake. + * + * When this flag is enabled, following needs to be true: + * MBEDTLS_SSL_NO_SESSION_CACHE enabled + * MBEDTLS_SSL_SESSION_TICKETS disabled + * + * Client-side, this is enough to enable support for cache-based session + * resumption (as defined by the TLS standard); for ticket-based resumption + * you'll also need to enable MBEDTLS_SSL_SESSION_TICKETS. + * + * Server-side, this option is only useful in conjunction with at least + * one of `!MBEDTLS_SSL_NO_SESSION_CACHE` or `MBEDTLS_SSL_SESSION_TICKETS`. + * Each one of these additionally requires an implementation of the cache + * or tickets, examples of which are provided by `MBEDTLS_SSL_CACHE_C` + * and `MBEDTLS_SSL_TICKETS_C` respectively. + * + * Uncomment this macro to disable support for SSL session resumption */ -#define MBEDTLS_SSL_SESSION_RESUMPTION +#define MBEDTLS_SSL_NO_SESSION_RESUMPTION /** * \def MBEDTLS_SSL_EXPORT_KEYS diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4471a2403..716f35af2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -906,13 +906,13 @@ struct mbedtls_ssl_config int (*f_rng)(void *, unsigned char *, size_t); void *p_rng; /*!< context for the RNG function */ -#if defined(MBEDTLS_SSL_SESSION_CACHE) +#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE) /** Callback to retrieve a session from the cache */ int (*f_get_cache)(void *, mbedtls_ssl_session *); /** Callback to store a session into the cache */ int (*f_set_cache)(void *, const mbedtls_ssl_session *); void *p_cache; /*!< context for cache callbacks */ -#endif +#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) /** Callback for setting cert according to SNI extension */ 
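Review bot: The rewritten Doxygen blocks in include/mbedtls/config.h still carry text from the positive options and contradict the new macro names. The `MBEDTLS_SSL_NO_SESSION_CACHE` block refers to `MBEDTLS_SSL_SESSION_RESUMPTION`, which this commit removes, and the `MBEDTLS_SSL_NO_SESSION_RESUMPTION` block keeps the "Client-side, this is enough to enable support ..." and "Server-side, this option is only useful in conjunction with ..." paragraphs, which describe resumption being enabled rather than the option being defined. Both blocks end with "Uncomment this macro to disable ..." although the `#define` lines below them are not commented out, and `MBEDTLS_SSL_TICKETS_C` does not match the `MBEDTLS_SSL_TICKET_C` spelling used earlier in the same hunk. I would reword those paragraphs to say what is compiled out when the macro is defined, fix the module name, and change "as by the standard mandates" to "as the standard mandates".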
@@ -2131,7 +2131,7 @@ void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE) +#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE) /** * \brief Set the session cache callbacks (server-side only) * If not set, no session resuming is done (except if session @@ -2173,9 +2173,9 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, void *p_cache, int (*f_get_cache)(void *, mbedtls_ssl_session *), int (*f_set_cache)(void *, const mbedtls_ssl_session *) ); -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */ +#endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */ -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE) +#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) /** * \brief Request resumption of session (client-side only) * Session data is copied from presented session structure. @@ -2191,7 +2191,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, * \sa mbedtls_ssl_get_session() */ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ); -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */ +#endif /* MBEDTLS_SSL_CLI_C && !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ /** * \brief Load serialized session data into a session structure. diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 439994334..cca71e745 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -509,9 +509,9 @@ struct mbedtls_ssl_handshake_params unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; /*!< premaster secret */ -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) int resume; /*!< session resume indicator*/ -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ int max_major_ver; /*!< max. major version client*/ int max_minor_ver; /*!< max. minor version client*/ int cli_exts; /*!< client extension presence*/ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 710ffa4db..3b7e7224c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -888,9 +888,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || #endif -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) ssl->handshake->resume == 0 ) -#else /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#else /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ 0 ) #endif { @@ -1803,8 +1803,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) /* * Check if the session can be resumed */ -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) - if( ssl->handshake->resume == 0 || n == 0 || +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) + if( n == 0 || #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || #endif 
@@ -1812,22 +1812,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->session_negotiate->compression != comp || ssl->session_negotiate->id_len != n || memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 ) -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ - { - ssl->state++; -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) ssl->handshake->resume = 0; -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time( NULL ); -#endif - ssl->session_negotiate->ciphersuite = i; - ssl->session_negotiate->compression = comp; - ssl->session_negotiate->id_len = n; - memcpy( ssl->session_negotiate->id, buf + 35, n ); - } -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) - else + if( ssl->handshake->resume == 1 ) { ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; @@ -1839,12 +1825,26 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) return( ret ); } } -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ + else +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ + { + ssl->state++; +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) + ssl->handshake->resume = 0; +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ +#if defined(MBEDTLS_HAVE_TIME) + ssl->session_negotiate->start = mbedtls_time( NULL ); +#endif + ssl->session_negotiate->ciphersuite = i; + ssl->session_negotiate->compression = comp; + ssl->session_negotiate->id_len = n; + memcpy( ssl->session_negotiate->id, buf + 35, n ); + } -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index a76ce1675..778618601 100644 
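Review bot: In ssl_parse_server_hello the multi-line resumption check now guards a single unbraced statement, `ssl->handshake->resume = 0;`, directly followed by a second `if`, with an `#if defined(MBEDTLS_SSL_RENEGOTIATION)` fragment inside the condition; a later edit that adds a line there would silently fall outside the check that decides whether the session can be resumed. I would wrap the assignment in braces and add a comment such as `/* Server did not echo our session (ID, ciphersuite or compression differ): fall back to a full handshake. */`. The new test `ssl->handshake->resume == 1` also differs from the `!= 0` form used in library/ssl_tls.c; using `!= 0` here and in the matching ssl_srv.c hunk keeps the files consistent. The function starts and ends outside this hunk.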
--- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2637,7 +2637,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 ); -#if defined(MBEDTLS_SSL_SESSION_CACHE) +#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE) /* * Resume is 0 by default, see ssl_handshake_init(). * It may be already set to 1 by ssl_parse_session_ticket_ext(). @@ -2654,11 +2654,25 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) ); ssl->handshake->resume = 1; } -#endif /* MBEDTLS_SSL_SESSION_CACHE */ +#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */ -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) - if( ssl->handshake->resume == 0 ) -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) + if( ssl->handshake->resume == 1 ) + { + /* + * Resuming a session + */ + n = ssl->session_negotiate->id_len; + ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + + if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); + return( ret ); + } + } + else +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ { /* * New session, create a new session id, @@ -2685,22 +2699,6 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) return( ret ); } } -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) - else - { - /* - * Resuming a session - */ - n = ssl->session_negotiate->id_len; - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; - - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); - } - } -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ /* * 38 . 38 session id length 
@@ -2716,10 +2714,10 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 ); *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 420eba29d..316d537ac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1263,13 +1263,13 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, (void) ssl; #endif -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) if( handshake->resume != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); return( 0 ); } -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster, handshake->pmslen ); @@ -7275,9 +7275,9 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) { -#if defined(MBEDTLS_SSL_SESSION_CACHE) +#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE) int resume = ssl->handshake->resume; -#endif /* MBEDTLS_SSL_SESSION_CACHE */ +#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); @@ -7306,7 +7306,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) ssl->session = ssl->session_negotiate; ssl->session_negotiate = NULL; -#if defined(MBEDTLS_SSL_SESSION_CACHE) +#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE) /* * Add cache entry */ 
@@ -7317,7 +7317,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); } -#endif /* MBEDTLS_SSL_SESSION_CACHE */ +#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) && @@ -7366,7 +7366,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) /* * In case of session resuming, invert the client and server * ChangeCipherSpec messages order. @@ -7383,7 +7383,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) #endif } else -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ ssl->state++; /* @@ -7524,7 +7524,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) memcpy( ssl->peer_verify_data, buf, hash_len ); #endif -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) if( ssl->handshake->resume != 0 ) { #if defined(MBEDTLS_SSL_CLI_C) @@ -7537,7 +7537,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) #endif } else -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -8162,7 +8162,7 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, ssl_set_timer( ssl, 0 ); } -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE) +#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE) void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, void *p_cache, int (*f_get_cache)(void *, mbedtls_ssl_session *), 
@@ -8172,9 +8172,9 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, conf->f_get_cache = f_get_cache; conf->f_set_cache = f_set_cache; } -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */ +#endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */ -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE) +#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) { int ret; @@ -8195,7 +8195,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session return( 0 ); } -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */ +#endif /* MBEDTLS_SSL_CLI_C && !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, const int *ciphersuites ) diff --git a/library/version_features.c b/library/version_features.c index 7deb41717..8bc42e39f 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -513,12 +513,12 @@ static const char *features[] = { #if defined(MBEDTLS_SSL_SESSION_TICKETS) "MBEDTLS_SSL_SESSION_TICKETS", #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_SESSION_CACHE) - "MBEDTLS_SSL_SESSION_CACHE", -#endif /* MBEDTLS_SSL_SESSION_CACHE */ -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) - "MBEDTLS_SSL_SESSION_RESUMPTION", -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#if defined(MBEDTLS_SSL_NO_SESSION_CACHE) + "MBEDTLS_SSL_NO_SESSION_CACHE", +#endif /* MBEDTLS_SSL_NO_SESSION_CACHE */ +#if defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) + "MBEDTLS_SSL_NO_SESSION_RESUMPTION", +#endif /* MBEDTLS_SSL_NO_SESSION_RESUMPTION */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) "MBEDTLS_SSL_EXPORT_KEYS", #endif /* MBEDTLS_SSL_EXPORT_KEYS */ diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 799da9af9..6566baef5 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c 
@@ -236,11 +236,11 @@ int main( void ) mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); -#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE) +#if defined(MBEDTLS_SSL_CACHE_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE) mbedtls_ssl_conf_session_cache( &conf, &cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set ); -#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */ +#endif /* MBEDTLS_SSL_CACHE_C && !MBEDTLS_SSL_NO_SESSION_CACHE */ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 5a1f69e2e..7e84d5c6d 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1410,21 +1410,21 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_SESSION_CACHE) - if( strcmp( "MBEDTLS_SSL_SESSION_CACHE", config ) == 0 ) +#if defined(MBEDTLS_SSL_NO_SESSION_CACHE) + if( strcmp( "MBEDTLS_SSL_NO_SESSION_CACHE", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_CACHE ); + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_NO_SESSION_CACHE ); return( 0 ); } -#endif /* MBEDTLS_SSL_SESSION_CACHE */ +#endif /* MBEDTLS_SSL_NO_SESSION_CACHE */ -#if defined(MBEDTLS_SSL_SESSION_RESUMPTION) - if( strcmp( "MBEDTLS_SSL_SESSION_RESUMPTION", config ) == 0 ) +#if defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) + if( strcmp( "MBEDTLS_SSL_NO_SESSION_RESUMPTION", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_RESUMPTION ); + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_NO_SESSION_RESUMPTION ); return( 0 ); } -#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */ +#endif /* MBEDTLS_SSL_NO_SESSION_RESUMPTION */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 ) 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a3f5d609d..dd194f316 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2545,14 +2545,14 @@ reconnect: } } -#if defined(MBEDTLS_SSL_SESSION_CACHE) +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n", -ret ); goto exit; } -#endif /* MBEDTLS_SSL_SESSION_CACHE */ +#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port, diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 005d3e85d..5052435fa 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -224,11 +224,11 @@ int main( void ) mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); -#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE) +#if defined(MBEDTLS_SSL_CACHE_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE) mbedtls_ssl_conf_session_cache( &conf, &cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set ); -#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */ +#endif /* MBEDTLS_SSL_CACHE_C && !MBEDTLS_SSL_NO_SESSION_CACHE */ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 4049a27a5..3f11328cf 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -2527,11 +2527,11 @@ int main( int argc, char *argv[] ) if( opt.cache_timeout != -1 ) mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout ); -#if defined(MBEDTLS_SSL_SESSION_CACHE) +#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE) mbedtls_ssl_conf_session_cache( &conf, &cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set ); -#endif /* MBEDTLS_SSL_SESSION_CACHE */ +#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 78e123cf2..63fbea2ce 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -683,17 +683,17 @@ component_test_rsa_no_crt () { } component_test_no_resumption () { - msg "build: Default + !MBEDTLS_SSL_SESSION_RESUMPTION (ASan build)" # ~ 6 min + msg "build: Default + MBEDTLS_SSL_NO_SESSION_RESUMPTION (ASan build)" # ~ 6 min scripts/config.pl unset MBEDTLS_SSL_SESSION_TICKETS - scripts/config.pl unset MBEDTLS_SSL_SESSION_CACHE - scripts/config.pl unset MBEDTLS_SSL_SESSION_RESUMPTION + scripts/config.pl set MBEDTLS_SSL_NO_SESSION_CACHE + scripts/config.pl set MBEDTLS_SSL_NO_SESSION_RESUMPTION CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: !MBEDTLS_SSL_SESSION_RESUMPTION - main suites (inc. selftests) (ASan build)" # ~ 50s + msg "test: MBEDTLS_SSL_NO_SESSION_RESUMPTION - main suites (inc. selftests) (ASan build)" # ~ 50s make test - msg "test: !MBEDTLS_SSL_SESSION_RESUMPTION - ssl-opt.sh (ASan build)" # ~ 6 min + msg "test: MBEDTLS_SSL_NO_SESSION_RESUMPTION - ssl-opt.sh (ASan build)" # ~ 6 min if_build_succeeded tests/ssl-opt.sh } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a3c189d86..0dd9a878e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -916,7 +916,7 @@ trap cleanup INT TERM HUP # ("signature_algorithm ext: 6" means SHA-512 (highest common hash)) run_test "Default" \ "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3" \ + "$P_CLI" \ 0 \ -s "Protocol is TLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ @@ -2206,7 +2206,7 @@ run_test "CBC Record splitting: TLS 1.0, splitting, nbio" \ # Tests for Session Tickets -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: basic" \ "$P_SRV debug_level=3 tickets=1" \ @@ -2222,7 +2222,7 @@ run_test "Session resume using tickets: basic" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: cache disabled" \ "$P_SRV debug_level=3 tickets=1 cache_max=0" \ @@ -2238,7 +2238,7 @@ run_test "Session resume using tickets: cache disabled" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: timeout" \ "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \ @@ -2254,7 +2254,7 @@ run_test "Session resume using tickets: timeout" \ -S "a session has been resumed" \ -C "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: session copy" \ "$P_SRV debug_level=3 tickets=1 cache_max=0" \ 
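Review bot: The first hunk in tests/ssl-opt.sh drops `debug_level=3` from the client command of the `Default` test, which has nothing to do with the macro rename and is not explained anywhere in the visible change. If any client-side (`-c`) pattern in that test depends on debug output it would stop matching; the remaining patterns of the `run_test` call lie outside the hunk, so this cannot be confirmed from here. I would either restore `"$P_CLI debug_level=3" \` or move the change into its own commit with a stated reason.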
@@ -2270,7 +2270,7 @@ run_test "Session resume using tickets: session copy" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: openssl server" \ "$O_SRV" \ @@ -2281,7 +2281,7 @@ run_test "Session resume using tickets: openssl server" \ -c "parse new session ticket" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: openssl client" \ "$P_SRV debug_level=3 tickets=1" \ @@ -2297,7 +2297,7 @@ run_test "Session resume using tickets: openssl client" \ # Tests for Session Tickets with DTLS -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: basic" \ "$P_SRV debug_level=3 dtls=1 tickets=1" \ @@ -2313,7 +2313,7 @@ run_test "Session resume using tickets, DTLS: basic" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: cache disabled" \ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ 
@@ -2329,7 +2329,7 @@ run_test "Session resume using tickets, DTLS: cache disabled" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: timeout" \ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \ @@ -2345,7 +2345,7 @@ run_test "Session resume using tickets, DTLS: timeout" \ -S "a session has been resumed" \ -C "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: session copy" \ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ @@ -2361,7 +2361,7 @@ run_test "Session resume using tickets, DTLS: session copy" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: openssl server" \ "$O_SRV -dtls1" \ @@ -2372,7 +2372,7 @@ run_test "Session resume using tickets, DTLS: openssl server" \ -c "parse new session ticket" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ 
@@ -2388,9 +2388,9 @@ run_test "Session resume using tickets, DTLS: openssl client" \ # Tests for Session Resume based on session-ID and cache -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SESSION_CACHE +requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE run_test "Session resume using cache: tickets enabled on client" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2405,9 +2405,9 @@ run_test "Session resume using cache: tickets enabled on client" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SESSION_CACHE +requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE run_test "Session resume using cache: tickets enabled on server" \ "$P_SRV debug_level=3 tickets=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -2422,8 +2422,8 @@ run_test "Session resume using cache: tickets enabled on server" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION -requires_config_enabled MBEDTLS_SSL_SESSION_CACHE +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE run_test "Session resume using cache: cache_max=0" \ "$P_SRV debug_level=3 tickets=0 cache_max=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ 
@@ -2433,8 +2433,8 @@ run_test "Session resume using cache: cache_max=0" \ -S "a session has been resumed" \ -C "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION -requires_config_enabled MBEDTLS_SSL_SESSION_CACHE +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE run_test "Session resume using cache: cache_max=1" \ "$P_SRV debug_level=3 tickets=0 cache_max=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -2444,8 +2444,8 @@ run_test "Session resume using cache: cache_max=1" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION -requires_config_enabled MBEDTLS_SSL_SESSION_CACHE +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE run_test "Session resume using cache: timeout > delay" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \ @@ -2455,8 +2455,8 @@ run_test "Session resume using cache: timeout > delay" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION -requires_config_enabled MBEDTLS_SSL_SESSION_CACHE +requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION +requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE run_test "Session resume using cache: timeout < delay" \ "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \ 
@@ -2466,8 +2466,8 @@ run_test "Session resume using cache: timeout < delay" \
 -S "a session has been resumed" \
 -C "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache: no timeout" \
 "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -2477,8 +2477,8 @@ run_test "Session resume using cache: no timeout" \
 -s "a session has been resumed" \
 -c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache: session copy" \
 "$P_SRV debug_level=3 tickets=0" \
 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
@@ -2488,8 +2488,8 @@ run_test "Session resume using cache: session copy" \
 -s "a session has been resumed" \
 -c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache: openssl client" \
 "$P_SRV debug_level=3 tickets=0" \
 "( $O_CLI -sess_out $SESSION; \
@@ -2502,8 +2502,8 @@ run_test "Session resume using cache: openssl client" \
 -S "session successfully restored from ticket" \
 -s "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache: openssl server" \
 "$O_SRV" \
 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -2514,9 +2514,9 @@ run_test "Session resume using cache: openssl server" \
 # Tests for Session Resume based on session-ID and cache, DTLS
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: tickets enabled on client" \
 "$P_SRV dtls=1 debug_level=3 tickets=0" \
 "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
@@ -2531,9 +2531,9 @@ run_test "Session resume using cache, DTLS: tickets enabled on client" \
 -s "a session has been resumed" \
 -c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: tickets enabled on server" \
 "$P_SRV dtls=1 debug_level=3 tickets=1" \
 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
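Review bot: The `requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE` guard on "Session resume using cache: openssl server" (first hunk on this line, and its DTLS counterpart at `@@ -2628,8`) may skip more than intended. In that test Mbed TLS is only the client (`$P_CLI ... reconnect=1` against `$O_SRV`), so no Mbed TLS server-side session cache is involved. If MBEDTLS_SSL_NO_SESSION_CACHE removes only the server cache (the config.h description is not in this view, so this needs confirming), the test should depend on `requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION` alone; otherwise client-side session-ID resumption goes untested in cache-less builds. The run_test bodies continue past both hunks.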
@@ -2548,8 +2548,8 @@ run_test "Session resume using cache, DTLS: tickets enabled on server" \
 -s "a session has been resumed" \
 -c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: cache_max=0" \
 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -2559,8 +2559,8 @@ run_test "Session resume using cache, DTLS: cache_max=0" \
 -S "a session has been resumed" \
 -C "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: cache_max=1" \
 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -2570,8 +2570,8 @@ run_test "Session resume using cache, DTLS: cache_max=1" \
 -s "a session has been resumed" \
 -c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: timeout > delay" \
 "$P_SRV dtls=1 debug_level=3 tickets=0" \
 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
@@ -2581,8 +2581,8 @@ run_test "Session resume using cache, DTLS: timeout > delay" \
 -s "a session has been resumed" \
 -c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: timeout < delay" \
 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -2592,8 +2592,8 @@ run_test "Session resume using cache, DTLS: timeout < delay" \
 -S "a session has been resumed" \
 -C "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: no timeout" \
 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -2603,8 +2603,8 @@ run_test "Session resume using cache, DTLS: no timeout" \
 -s "a session has been resumed" \
 -c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: session copy" \
 "$P_SRV dtls=1 debug_level=3 tickets=0" \
 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
@@ -2614,8 +2614,8 @@ run_test "Session resume using cache, DTLS: session copy" \
 -s "a session has been resumed" \
 -c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: openssl client" \
 "$P_SRV dtls=1 debug_level=3 tickets=0" \
 "( $O_CLI -dtls1 -sess_out $SESSION; \
@@ -2628,8 +2628,8 @@ run_test "Session resume using cache, DTLS: openssl client" \
 -S "session successfully restored from ticket" \
 -s "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "Session resume using cache, DTLS: openssl server" \
 "$O_SRV -dtls1" \
 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -8074,9 +8074,9 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \
 -c "HTTP/1.0 200 OK"
 client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "DTLS proxy: 3d, min handshake, resumption" \
 -p "$P_PXY drop=5 delay=5 duplicate=5" \
 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8091,9 +8091,9 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \
 -c "HTTP/1.0 200 OK"
 client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
 -p "$P_PXY drop=5 delay=5 duplicate=5" \
 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \