Address review comments

Jarno Lamsa 2019-06-20 15:31:52 +03:00 committed by Manuel Pégourié-Gonnard
parent dbf6073fa3
commit 29f2dd0a7b
17 changed files with 203 additions and 175 deletions


@ -38,10 +38,10 @@ Features
ServerHello.
* Add new configuration option MBEDTLS_SSL_PROTO_NO_TLS that enables code
size savings in configurations where only DTLS is used.
* Add new configuration option MBEDTLS_SSL_SESSION_CACHE that can be used
to enable/disable cache based session resumption
* Add new configuration option MBEDTLS_SSL_SESSION_RESUMPTION that can be
used to enable/disable session resumption feature entirely.
* Add new configuration option MBEDTLS_SSL_NO_SESSION_CACHE that can be used
to disable cache based session resumption
* Add new configuration option MBEDTLS_SSL_NO_SESSION_RESUMPTION that can be
used to disable session resumption feature entirely.
API Changes
* Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.


@ -71,8 +71,8 @@
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#define MBEDTLS_SSL_SESSION_CACHE
#define MBEDTLS_SSL_SESSION_RESUMPTION
#define MBEDTLS_SSL_NO_SESSION_CACHE
#define MBEDTLS_SSL_NO_SESSION_RESUMPTION
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_PROTO_NO_TLS


@ -671,10 +671,14 @@
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
#endif
#if ( defined(MBEDTLS_SSL_SESSION_TICKETS) || \
defined(MBEDTLS_SSL_SESSION_CACHE) ) && \
!defined(MBEDTLS_SSL_SESSION_RESUMPTION)
#error "MBEDTLS_SSL_SESSION_TICKETS/MBEDTLS_SSL_SESSION_CACHE cannot be defined without MBEDTLS_SSL_SESSION_RESUMPTION"
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
#error "MBEDTLS_SSL_SESSION_TICKETS cannot be defined with MBEDTLS_SSL_NO_SESSION_RESUMPTION"
#endif
#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE) && \
defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
#error "MBEDTLS_NO_SESSION_CACHE needs to be defined with MBEDTLS_SSL_NO_SESSION_RESUMPTION"
#endif
#if defined(MBEDTLS_THREADING_PTHREAD)
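Review bot: The second new `#error` names a macro that does not exist: `MBEDTLS_NO_SESSION_CACHE` is missing the `SSL_` part, so someone who hits the error cannot grep for the option it asks them to define. Suggested wording: `#error "MBEDTLS_SSL_NO_SESSION_RESUMPTION requires MBEDTLS_SSL_NO_SESSION_CACHE to be defined as well"`. This check also carries weight elsewhere in the commit: code guarded only by `!defined(MBEDTLS_SSL_NO_SESSION_CACHE)` reads `ssl->handshake->resume`, a field that is declared only under `!defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)`, so a one-line comment here saying that the rule protects those guards would stop it being relaxed by accident.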


@ -1664,34 +1664,60 @@
* tickets, including authenticated encryption and key management. Example
* callbacks are provided by MBEDTLS_SSL_TICKET_C.
*
* Requires: MBEDTLS_SSL_SESSION_RESUMPTION
* Requires: !MBEDTLS_SSL_NO_SESSION_RESUMPTION
*
* Comment this macro to disable support for SSL session tickets
*/
#define MBEDTLS_SSL_SESSION_TICKETS
//#define MBEDTLS_SSL_SESSION_TICKETS
/**
* \def MBEDTLS_SSL_SESSION_CACHE
* \def MBEDTLS_SSL_NO_SESSION_CACHE
*
* Enable support for cache based session resumption.
* Disable support for cache based session resumption.
*
* Requires: MBEDTLS_SSL_SESSION_RESUMPTION
* This option is only about the server-side support of the session caches.
* Client will only need the MBEDTLS_SSL_SESSION_RESUMPTION to support
* cache based session resumption.
*
* Comment this macro to disable support for SSL session cache
* Server-side, you also need to provide callbacks for storing and reading
* sessions from cache. Example callbacks are provided by MBEDTLS_SSL_CACHE_C.
*
* If MBEDTLS_SSL_NO_SESSION_RESUMPTION is defined, this needs to be defined
* as well.
*
* Uncomment this macro to disable support for SSL session cache
*/
#define MBEDTLS_SSL_SESSION_CACHE
#define MBEDTLS_SSL_NO_SESSION_CACHE
/**
* \def MBEDTLS_SSL_SESSION_RESUMPTION
* \def MBEDTLS_SSL_NO_SESSION_RESUMPTION
*
* Enable support for session resumption. This is the main feature flag and
* enabling this allow to enable following flags:
* MBEDTLS_SSL_SESSION_TICKETS
* MBEDTLS_SSL_SESSION_CACHE
* Disable support for session resumption. This is useful in constrained
* devices where session resumption isn't used.
*
* Comment this macro to disable support for SSL session resumption
* \note Session resumption is part of the TLS standard, disabling this
* option means that the full implementation of the standard is no longer
* used. This shouldn't cause any interoperability issues as by the standard
* mandates that peers who want to resume a session need to be prepared to
* fall back to a full handshake.
*
* When this flag is enabled, following needs to be true:
* MBEDTLS_SSL_NO_SESSION_CACHE enabled
* MBEDTLS_SSL_SESSION_TICKETS disabled
*
* Client-side, this is enough to enable support for cache-based session
* resumption (as defined by the TLS standard); for ticket-based resumption
* you'll also need to enable MBEDTLS_SSL_SESSION_TICKETS.
*
* Server-side, this option is only useful in conjunction with at least
* one of `!MBEDTLS_SSL_NO_SESSION_CACHE` or `MBEDTLS_SSL_SESSION_TICKETS`.
* Each one of these additionally requires an implementation of the cache
* or tickets, examples of which are provided by `MBEDTLS_SSL_CACHE_C`
* and `MBEDTLS_SSL_TICKETS_C` respectively.
*
* Uncomment this macro to disable support for SSL session resumption
*/
#define MBEDTLS_SSL_SESSION_RESUMPTION
#define MBEDTLS_SSL_NO_SESSION_RESUMPTION
/**
* \def MBEDTLS_SSL_EXPORT_KEYS
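Review bot: The three option lines in this section look inverted relative to their own documentation: `#define MBEDTLS_SSL_NO_SESSION_CACHE` and `#define MBEDTLS_SSL_NO_SESSION_RESUMPTION` appear uncommented directly under "Uncomment this macro to disable support ...", and `//#define MBEDTLS_SSL_SESSION_TICKETS` appears commented out under "Comment this macro to disable ...". If that is the committed state rather than an artefact of how the page renders the diff, the default configuration compiles out session resumption, the server cache and tickets, and every test guarded by `requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION` is skipped in a default build. The defaults should probably read `//#define MBEDTLS_SSL_NO_SESSION_CACHE`, `//#define MBEDTLS_SSL_NO_SESSION_RESUMPTION` and `#define MBEDTLS_SSL_SESSION_TICKETS`. Separately, the MBEDTLS_SSL_NO_SESSION_CACHE text still refers to the removed `MBEDTLS_SSL_SESSION_RESUMPTION`, the paragraphs beginning "Client-side, this is enough to enable ..." read as if written for the old positive flag, and `MBEDTLS_SSL_TICKETS_C` should be `MBEDTLS_SSL_TICKET_C` as in the tickets paragraph above.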


@ -906,13 +906,13 @@ struct mbedtls_ssl_config
int (*f_rng)(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */
#if defined(MBEDTLS_SSL_SESSION_CACHE)
#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/** Callback to retrieve a session from the cache */
int (*f_get_cache)(void *, mbedtls_ssl_session *);
/** Callback to store a session into the cache */
int (*f_set_cache)(void *, const mbedtls_ssl_session *);
void *p_cache; /*!< context for cache callbacks */
#endif
#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
@ -2131,7 +2131,7 @@ void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/**
* \brief Set the session cache callbacks (server-side only)
* If not set, no session resuming is done (except if session
@ -2173,9 +2173,9 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */
#endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
/**
* \brief Request resumption of session (client-side only)
* Session data is copied from presented session structure.
@ -2191,7 +2191,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
* \sa mbedtls_ssl_get_session()
*/
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */
#endif /* MBEDTLS_SSL_CLI_C && !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
/**
* \brief Load serialized session data into a session structure.


@ -509,9 +509,9 @@ struct mbedtls_ssl_handshake_params
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
/*!< premaster secret */
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
int resume; /*!< session resume indicator*/
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
int max_major_ver; /*!< max. major version client*/
int max_minor_ver; /*!< max. minor version client*/
int cli_exts; /*!< client extension presence*/


@ -888,9 +888,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
ssl->handshake->resume == 0 )
#else /* MBEDTLS_SSL_SESSION_RESUMPTION */
#else /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
0 )
#endif
{
@ -1803,8 +1803,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
/*
* Check if the session can be resumed
*/
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
if( ssl->handshake->resume == 0 || n == 0 ||
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( n == 0 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
@ -1812,22 +1812,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
ssl->session_negotiate->compression != comp ||
ssl->session_negotiate->id_len != n ||
memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
{
ssl->state++;
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
ssl->handshake->resume = 0;
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#if defined(MBEDTLS_HAVE_TIME)
ssl->session_negotiate->start = mbedtls_time( NULL );
#endif
ssl->session_negotiate->ciphersuite = i;
ssl->session_negotiate->compression = comp;
ssl->session_negotiate->id_len = n;
memcpy( ssl->session_negotiate->id, buf + 35, n );
}
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
else
if( ssl->handshake->resume == 1 )
{
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
@ -1839,12 +1825,26 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
return( ret );
}
}
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
else
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
{
ssl->state++;
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
ssl->handshake->resume = 0;
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
#if defined(MBEDTLS_HAVE_TIME)
ssl->session_negotiate->start = mbedtls_time( NULL );
#endif
ssl->session_negotiate->ciphersuite = i;
ssl->session_negotiate->compression = comp;
ssl->session_negotiate->id_len = n;
memcpy( ssl->session_negotiate->id, buf + 35, n );
}
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
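Review bot: In ssl_parse_server_hello the reworked resumption check is hard to follow across the preprocessor boundaries: the `if( n == 0 || ... memcmp( ... ) != 0 )` mismatch test is now followed by `if( ssl->handshake->resume == 1 )`, and the full-handshake block hangs off an `else` placed just before `#endif`. The rendered page does not make clear which statement the mismatch test controls, so please confirm that it clears `ssl->handshake->resume` before the `resume == 1` test; otherwise a ServerHello whose session id, ciphersuite or compression differs from the offered session could still take the resume path. A short comment on the trailing block, for example `/* Full handshake; the only path when MBEDTLS_SSL_NO_SESSION_RESUMPTION is defined */`, would help, and the same `else` / `#endif` / `{` shape appears in ssl_write_server_hello. Both function bodies start and end outside the hunks shown.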


@ -2637,7 +2637,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
#if defined(MBEDTLS_SSL_SESSION_CACHE)
#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/*
* Resume is 0 by default, see ssl_handshake_init().
* It may be already set to 1 by ssl_parse_session_ticket_ext().
@ -2654,11 +2654,25 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
ssl->handshake->resume = 1;
}
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
if( ssl->handshake->resume == 0 )
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ssl->handshake->resume == 1 )
{
/*
* Resuming a session
*/
n = ssl->session_negotiate->id_len;
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
return( ret );
}
}
else
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
{
/*
* New session, create a new session id,
@ -2685,22 +2699,6 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
return( ret );
}
}
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
else
{
/*
* Resuming a session
*/
n = ssl->session_negotiate->id_len;
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
return( ret );
}
}
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
/*
* 38 . 38 session id length
@ -2716,10 +2714,10 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );


@ -1263,13 +1263,13 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
(void) ssl;
#endif
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( handshake->resume != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
return( 0 );
}
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
handshake->pmslen );
@ -7275,9 +7275,9 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_SESSION_CACHE)
#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
int resume = ssl->handshake->resume;
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
@ -7306,7 +7306,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
ssl->session = ssl->session_negotiate;
ssl->session_negotiate = NULL;
#if defined(MBEDTLS_SSL_SESSION_CACHE)
#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/*
* Add cache entry
*/
@ -7317,7 +7317,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
}
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
@ -7366,7 +7366,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
/*
* In case of session resuming, invert the client and server
* ChangeCipherSpec messages order.
@ -7383,7 +7383,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
#endif
}
else
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
ssl->state++;
/*
@ -7524,7 +7524,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
memcpy( ssl->peer_verify_data, buf, hash_len );
#endif
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ssl->handshake->resume != 0 )
{
#if defined(MBEDTLS_SSL_CLI_C)
@ -7537,7 +7537,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
#endif
}
else
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -8162,7 +8162,7 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
ssl_set_timer( ssl, 0 );
}
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
@ -8172,9 +8172,9 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
conf->f_get_cache = f_get_cache;
conf->f_set_cache = f_set_cache;
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */
#endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
{
int ret;
@ -8195,7 +8195,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
return( 0 );
}
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */
#endif /* MBEDTLS_SSL_CLI_C && !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites )


@ -513,12 +513,12 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
"MBEDTLS_SSL_SESSION_TICKETS",
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_SESSION_CACHE)
"MBEDTLS_SSL_SESSION_CACHE",
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
"MBEDTLS_SSL_SESSION_RESUMPTION",
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#if defined(MBEDTLS_SSL_NO_SESSION_CACHE)
"MBEDTLS_SSL_NO_SESSION_CACHE",
#endif /* MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
"MBEDTLS_SSL_NO_SESSION_RESUMPTION",
#endif /* MBEDTLS_SSL_NO_SESSION_RESUMPTION */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
"MBEDTLS_SSL_EXPORT_KEYS",
#endif /* MBEDTLS_SSL_EXPORT_KEYS */


@ -236,11 +236,11 @@ int main( void )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
#if defined(MBEDTLS_SSL_CACHE_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */
#endif /* MBEDTLS_SSL_CACHE_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )


@ -1410,21 +1410,21 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_SESSION_CACHE)
if( strcmp( "MBEDTLS_SSL_SESSION_CACHE", config ) == 0 )
#if defined(MBEDTLS_SSL_NO_SESSION_CACHE)
if( strcmp( "MBEDTLS_SSL_NO_SESSION_CACHE", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_CACHE );
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_NO_SESSION_CACHE );
return( 0 );
}
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#endif /* MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
if( strcmp( "MBEDTLS_SSL_SESSION_RESUMPTION", config ) == 0 )
#if defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( strcmp( "MBEDTLS_SSL_NO_SESSION_RESUMPTION", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_RESUMPTION );
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_NO_SESSION_RESUMPTION );
return( 0 );
}
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
#endif /* MBEDTLS_SSL_NO_SESSION_RESUMPTION */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 )


@ -2545,14 +2545,14 @@ reconnect:
}
}
#if defined(MBEDTLS_SSL_SESSION_CACHE)
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
-ret );
goto exit;
}
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,


@ -224,11 +224,11 @@ int main( void )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
#if defined(MBEDTLS_SSL_CACHE_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */
#endif /* MBEDTLS_SSL_CACHE_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )


@ -2527,11 +2527,11 @@ int main( int argc, char *argv[] )
if( opt.cache_timeout != -1 )
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
#if defined(MBEDTLS_SSL_SESSION_CACHE)
#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)


@ -683,17 +683,17 @@ component_test_rsa_no_crt () {
}
component_test_no_resumption () {
msg "build: Default + !MBEDTLS_SSL_SESSION_RESUMPTION (ASan build)" # ~ 6 min
msg "build: Default + MBEDTLS_SSL_NO_SESSION_RESUMPTION (ASan build)" # ~ 6 min
scripts/config.pl unset MBEDTLS_SSL_SESSION_TICKETS
scripts/config.pl unset MBEDTLS_SSL_SESSION_CACHE
scripts/config.pl unset MBEDTLS_SSL_SESSION_RESUMPTION
scripts/config.pl set MBEDTLS_SSL_NO_SESSION_CACHE
scripts/config.pl set MBEDTLS_SSL_NO_SESSION_RESUMPTION
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_SSL_SESSION_RESUMPTION - main suites (inc. selftests) (ASan build)" # ~ 50s
msg "test: MBEDTLS_SSL_NO_SESSION_RESUMPTION - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
msg "test: !MBEDTLS_SSL_SESSION_RESUMPTION - ssl-opt.sh (ASan build)" # ~ 6 min
msg "test: MBEDTLS_SSL_NO_SESSION_RESUMPTION - ssl-opt.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/ssl-opt.sh
}


@ -916,7 +916,7 @@ trap cleanup INT TERM HUP
# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
run_test "Default" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
"$P_CLI" \
0 \
-s "Protocol is TLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
@ -2206,7 +2206,7 @@ run_test "CBC Record splitting: TLS 1.0, splitting, nbio" \
# Tests for Session Tickets
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: basic" \
"$P_SRV debug_level=3 tickets=1" \
@ -2222,7 +2222,7 @@ run_test "Session resume using tickets: basic" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: cache disabled" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
@ -2238,7 +2238,7 @@ run_test "Session resume using tickets: cache disabled" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: timeout" \
"$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
@ -2254,7 +2254,7 @@ run_test "Session resume using tickets: timeout" \
-S "a session has been resumed" \
-C "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: session copy" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
@ -2270,7 +2270,7 @@ run_test "Session resume using tickets: session copy" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: openssl server" \
"$O_SRV" \
@ -2281,7 +2281,7 @@ run_test "Session resume using tickets: openssl server" \
-c "parse new session ticket" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: openssl client" \
"$P_SRV debug_level=3 tickets=1" \
@ -2297,7 +2297,7 @@ run_test "Session resume using tickets: openssl client" \
# Tests for Session Tickets with DTLS
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: basic" \
"$P_SRV debug_level=3 dtls=1 tickets=1" \
@ -2313,7 +2313,7 @@ run_test "Session resume using tickets, DTLS: basic" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: cache disabled" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
@ -2329,7 +2329,7 @@ run_test "Session resume using tickets, DTLS: cache disabled" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: timeout" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
@ -2345,7 +2345,7 @@ run_test "Session resume using tickets, DTLS: timeout" \
-S "a session has been resumed" \
-C "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: session copy" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
@ -2361,7 +2361,7 @@ run_test "Session resume using tickets, DTLS: session copy" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: openssl server" \
"$O_SRV -dtls1" \
@ -2372,7 +2372,7 @@ run_test "Session resume using tickets, DTLS: openssl server" \
-c "parse new session ticket" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
@ -2388,9 +2388,9 @@ run_test "Session resume using tickets, DTLS: openssl client" \
# Tests for Session Resume based on session-ID and cache
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: tickets enabled on client" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@ -2405,9 +2405,9 @@ run_test "Session resume using cache: tickets enabled on client" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: tickets enabled on server" \
"$P_SRV debug_level=3 tickets=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@ -2422,8 +2422,8 @@ run_test "Session resume using cache: tickets enabled on server" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: cache_max=0" \
"$P_SRV debug_level=3 tickets=0 cache_max=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@ -2433,8 +2433,8 @@ run_test "Session resume using cache: cache_max=0" \
-S "a session has been resumed" \
-C "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: cache_max=1" \
"$P_SRV debug_level=3 tickets=0 cache_max=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@ -2444,8 +2444,8 @@ run_test "Session resume using cache: cache_max=1" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: timeout > delay" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
@ -2455,8 +2455,8 @@ run_test "Session resume using cache: timeout > delay" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: timeout < delay" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@ -2466,8 +2466,8 @@ run_test "Session resume using cache: timeout < delay" \
-S "a session has been resumed" \
-C "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: no timeout" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@ -2477,8 +2477,8 @@ run_test "Session resume using cache: no timeout" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: session copy" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
@ -2488,8 +2488,8 @@ run_test "Session resume using cache: session copy" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: openssl client" \
"$P_SRV debug_level=3 tickets=0" \
"( $O_CLI -sess_out $SESSION; \
@ -2502,8 +2502,8 @@ run_test "Session resume using cache: openssl client" \
-S "session successfully restored from ticket" \
-s "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: openssl server" \
"$O_SRV" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@ -2514,9 +2514,9 @@ run_test "Session resume using cache: openssl server" \
# Tests for Session Resume based on session-ID and cache, DTLS
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: tickets enabled on client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
@ -2531,9 +2531,9 @@ run_test "Session resume using cache, DTLS: tickets enabled on client" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: tickets enabled on server" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@ -2548,8 +2548,8 @@ run_test "Session resume using cache, DTLS: tickets enabled on server" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: cache_max=0" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@ -2559,8 +2559,8 @@ run_test "Session resume using cache, DTLS: cache_max=0" \
-S "a session has been resumed" \
-C "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: cache_max=1" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@ -2570,8 +2570,8 @@ run_test "Session resume using cache, DTLS: cache_max=1" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: timeout > delay" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
@ -2581,8 +2581,8 @@ run_test "Session resume using cache, DTLS: timeout > delay" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: timeout < delay" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@ -2592,8 +2592,8 @@ run_test "Session resume using cache, DTLS: timeout < delay" \
-S "a session has been resumed" \
-C "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: no timeout" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@ -2603,8 +2603,8 @@ run_test "Session resume using cache, DTLS: no timeout" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: session copy" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
@ -2614,8 +2614,8 @@ run_test "Session resume using cache, DTLS: session copy" \
-s "a session has been resumed" \
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"( $O_CLI -dtls1 -sess_out $SESSION; \
@ -2628,8 +2628,8 @@ run_test "Session resume using cache, DTLS: openssl client" \
-S "session successfully restored from ticket" \
-s "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: openssl server" \
"$O_SRV -dtls1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@ -8074,9 +8074,9 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "DTLS proxy: 3d, min handshake, resumption" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@ -8091,9 +8091,9 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \