yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-08 10:09:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Made session tickets support configurable from config.h

Browse source
This commit is contained in:
Paul Bakker 2013-08-14 13:48:06 +02:00
parent 56dc9e8bba
commit a503a63b85
7 changed files with 90 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
include/polarssl/config.h
View file

@ -528,6 +528,18 @@
*/ */
#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO #define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
/**
* \def POLARSSL_SSL_SESSION_TICKETS
*
* Enable support for RFC 5077 session tickets in SSL
*
* Requires: POLARSSL_AES_C
* POLARSSL_SHA256_C
*
* Comment this macro to disable support for SSL session tickets
*/
#define POLARSSL_SSL_SESSION_TICKETS
/** /**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
* *

12
include/polarssl/ssl.h
View file

@ -329,7 +329,9 @@ typedef struct _ssl_session ssl_session;
typedef struct _ssl_context ssl_context; typedef struct _ssl_context ssl_context;
typedef struct _ssl_transform ssl_transform; typedef struct _ssl_transform ssl_transform;
typedef struct _ssl_handshake_params ssl_handshake_params; typedef struct _ssl_handshake_params ssl_handshake_params;
#if defined(POLARSSL_SSL_SESSION_TICKETS)
typedef struct _ssl_ticket_keys ssl_ticket_keys; typedef struct _ssl_ticket_keys ssl_ticket_keys;
#endif
/* /*
* This structure is used for storing current session data. * This structure is used for storing current session data.
@ -349,9 +351,11 @@ struct _ssl_session
x509_cert *peer_cert; /*!< peer X.509 cert chain */ x509_cert *peer_cert; /*!< peer X.509 cert chain */
#endif /* POLARSSL_X509_PARSE_C */ #endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
unsigned char *ticket; /*!< RFC 5077 session ticket */ unsigned char *ticket; /*!< RFC 5077 session ticket */
size_t ticket_len; /*!< session ticket length */ size_t ticket_len; /*!< session ticket length */
uint32_t ticket_lifetime; /*!< ticket lifetime hint */ uint32_t ticket_lifetime; /*!< ticket lifetime hint */
#endif /* POLARSSL_SSL_SESSION_TICKETS */
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */ unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
int trunc_hmac; /*!< flag for truncated hmac activation */ int trunc_hmac; /*!< flag for truncated hmac activation */
@ -444,9 +448,12 @@ struct _ssl_handshake_params
int max_major_ver; /*!< max. major version client*/ int max_major_ver; /*!< max. major version client*/
int max_minor_ver; /*!< max. minor version client*/ int max_minor_ver; /*!< max. minor version client*/
#if defined(POLARSSL_SSL_SESSION_TICKETS)
int new_session_ticket; /*!< use NewSessionTicket? */ int new_session_ticket; /*!< use NewSessionTicket? */
#endif /* POLARSSL_SSL_SESSION_TICKETS */
}; };
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/* /*
* Parameters needed to secure session tickets * Parameters needed to secure session tickets
*/ */
@ -457,6 +464,7 @@ struct _ssl_ticket_keys
aes_context dec; /*!< decryption context */ aes_context dec; /*!< decryption context */
unsigned char mac_key[16]; /*!< authentication key */ unsigned char mac_key[16]; /*!< authentication key */
}; };
#endif /* POLARSSL_SSL_SESSION_TICKETS */
struct _ssl_context struct _ssl_context
{ {
@ -566,10 +574,12 @@ struct _ssl_context
const char *peer_cn; /*!< expected peer CN */ const char *peer_cn; /*!< expected peer CN */
#endif /* POLARSSL_X509_PARSE_C */ #endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/* /*
* Support for generating and checking session tickets * Support for generating and checking session tickets
*/ */
ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */ ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
#endif /* POLARSSL_SSL_SESSION_TICKETS */
/* /*
* User settings * User settings
@ -1037,6 +1047,7 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
*/ */
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate ); int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/** /**
* \brief Enable / Disable session tickets * \brief Enable / Disable session tickets
* (Default: SSL_SESSION_TICKETS_ENABLED on client, * (Default: SSL_SESSION_TICKETS_ENABLED on client,
@ -1054,6 +1065,7 @@ int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
* or a specific error code (server only). * or a specific error code (server only).
*/ */
int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ); int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
#endif /* POLARSSL_SSL_SESSION_TICKETS */
/** /**
* \brief Enable / Disable renegotiation support for connection when * \brief Enable / Disable renegotiation support for connection when

14
library/ssl_cli.c
View file

@ -322,6 +322,7 @@ static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
*olen = 4; *olen = 4;
} }
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static void ssl_write_session_ticket_ext( ssl_context *ssl, static void ssl_write_session_ticket_ext( ssl_context *ssl,
unsigned char *buf, size_t *olen ) unsigned char *buf, size_t *olen )
{ {
@ -356,6 +357,7 @@ static void ssl_write_session_ticket_ext( ssl_context *ssl,
*olen += tlen; *olen += tlen;
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
static int ssl_write_client_hello( ssl_context *ssl ) static int ssl_write_client_hello( ssl_context *ssl )
{ {
@ -441,6 +443,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
n = 0; n = 0;
} }
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/* /*
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello." * generate and include a Session ID in the TLS ClientHello."
@ -456,6 +459,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
ssl->session_negotiate->length = n = 32; ssl->session_negotiate->length = n = 32;
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
*p++ = (unsigned char) n; *p++ = (unsigned char) n;
@ -548,8 +552,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen; ext_len += olen;
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen; ext_len += olen;
#endif
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d", SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
ext_len ) ); ext_len ) );
@ -650,6 +656,7 @@ static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
return( 0 ); return( 0 );
} }
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static int ssl_parse_session_ticket_ext( ssl_context *ssl, static int ssl_parse_session_ticket_ext( ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -666,6 +673,7 @@ static int ssl_parse_session_ticket_ext( ssl_context *ssl,
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
static int ssl_parse_server_hello( ssl_context *ssl ) static int ssl_parse_server_hello( ssl_context *ssl )
{ {
@ -905,6 +913,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
break; break;
#if defined(POLARSSL_SSL_SESSION_TICKETS)
case TLS_EXT_SESSION_TICKET: case TLS_EXT_SESSION_TICKET:
SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) ); SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) );
@ -915,6 +924,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
} }
break; break;
#endif /* POLARSSL_SSL_SESSION_TICKETS */
default: default:
SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
@ -1925,6 +1935,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
!POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED && !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static int ssl_parse_new_session_ticket( ssl_context *ssl ) static int ssl_parse_new_session_ticket( ssl_context *ssl )
{ {
int ret; int ret;
@ -2016,6 +2027,7 @@ static int ssl_parse_new_session_ticket( ssl_context *ssl )
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
/* /*
* SSL handshake -- client side -- single step * SSL handshake -- client side -- single step
@ -2105,9 +2117,11 @@ int ssl_handshake_client_step( ssl_context *ssl )
* Finished * Finished
*/ */
case SSL_SERVER_CHANGE_CIPHER_SPEC: case SSL_SERVER_CHANGE_CIPHER_SPEC:
#if defined(POLARSSL_SSL_SESSION_TICKETS)
if( ssl->handshake->new_session_ticket != 0 ) if( ssl->handshake->new_session_ticket != 0 )
ret = ssl_parse_new_session_ticket( ssl ); ret = ssl_parse_new_session_ticket( ssl );
else else
#endif
ret = ssl_parse_change_cipher_spec( ssl ); ret = ssl_parse_change_cipher_spec( ssl );
break; break;

23
library/ssl_srv.c
View file

@ -47,6 +47,7 @@
#include <time.h> #include <time.h>
#endif #endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/* /*
* Serialize a session in the following format: * Serialize a session in the following format:
* 0 . n-1 session structure, n = sizeof(ssl_session) * 0 . n-1 session structure, n = sizeof(ssl_session)
@ -300,6 +301,7 @@ static int ssl_parse_ticket( ssl_context *ssl,
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
static int ssl_parse_servername_ext( ssl_context *ssl, static int ssl_parse_servername_ext( ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
@ -584,6 +586,7 @@ static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
return( 0 ); return( 0 );
} }
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static int ssl_parse_session_ticket_ext( ssl_context *ssl, static int ssl_parse_session_ticket_ext( ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
size_t len ) size_t len )
@ -625,6 +628,7 @@ static int ssl_parse_session_ticket_ext( ssl_context *ssl,
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) #if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
static int ssl_parse_client_hello_v2( ssl_context *ssl ) static int ssl_parse_client_hello_v2( ssl_context *ssl )
@ -1176,6 +1180,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
return( ret ); return( ret );
break; break;
#if defined(POLARSSL_SSL_SESSION_TICKETS)
case TLS_EXT_SESSION_TICKET: case TLS_EXT_SESSION_TICKET:
SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) ); SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
@ -1183,6 +1188,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
break; break;
#endif /* POLARSSL_SSL_SESSION_TICKETS */
default: default:
SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
@ -1316,6 +1322,7 @@ static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
*olen = 4; *olen = 4;
} }
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static void ssl_write_session_ticket_ext( ssl_context *ssl, static void ssl_write_session_ticket_ext( ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
size_t *olen ) size_t *olen )
@ -1338,6 +1345,7 @@ static void ssl_write_session_ticket_ext( ssl_context *ssl,
*olen = 4; *olen = 4;
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
static void ssl_write_renegotiation_ext( ssl_context *ssl, static void ssl_write_renegotiation_ext( ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
@ -1466,11 +1474,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
*/ */
ssl->state++; ssl->state++;
#if defined(POLARSSL_SSL_SESSION_TICKETS)
if( ssl->handshake->new_session_ticket == 0 ) if( ssl->handshake->new_session_ticket == 0 )
{ {
ssl->session_negotiate->length = n = 32; ssl->session_negotiate->length = n = 32;
if( ( ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, if( ( ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id,
n ) ) != 0 ) n ) ) != 0 )
return( ret ); return( ret );
} }
else else
@ -1478,6 +1487,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
ssl->session_negotiate->length = 0; ssl->session_negotiate->length = 0;
memset( ssl->session_negotiate->id, 0, 32 ); memset( ssl->session_negotiate->id, 0, 32 );
} }
#else
ssl->session_negotiate->length = n = 32;
if( ( ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id,
n ) ) != 0 )
return( ret );
#endif /* POLARSSL_SSL_SESSION_TICKETS */
} }
else else
{ {
@ -1531,8 +1546,10 @@ static int ssl_write_server_hello( ssl_context *ssl )
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen; ext_len += olen;
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen; ext_len += olen;
#endif
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) ); SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
@ -2469,6 +2486,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
!POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED && !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static int ssl_write_new_session_ticket( ssl_context *ssl ) static int ssl_write_new_session_ticket( ssl_context *ssl )
{ {
int ret; int ret;
@ -2518,6 +2536,7 @@ static int ssl_write_new_session_ticket( ssl_context *ssl )
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
/* /*
* SSL handshake -- server side -- single step * SSL handshake -- server side -- single step
@ -2607,9 +2626,11 @@ int ssl_handshake_server_step( ssl_context *ssl )
* Finished * Finished
*/ */
case SSL_SERVER_CHANGE_CIPHER_SPEC: case SSL_SERVER_CHANGE_CIPHER_SPEC:
#if defined(POLARSSL_SSL_SESSION_TICKETS)
if( ssl->handshake->new_session_ticket != 0 ) if( ssl->handshake->new_session_ticket != 0 )
ret = ssl_write_new_session_ticket( ssl ); ret = ssl_write_new_session_ticket( ssl );
else else
#endif
ret = ssl_write_change_cipher_spec( ssl ); ret = ssl_write_change_cipher_spec( ssl );
break; break;

10
library/ssl_tls.c
View file

@ -101,6 +101,7 @@ static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
} }
#endif /* POLARSSL_X509_PARSE_C */ #endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
if( src->ticket != NULL ) if( src->ticket != NULL )
{ {
if( ( dst->ticket = polarssl_malloc( src->ticket_len ) ) == NULL ) if( ( dst->ticket = polarssl_malloc( src->ticket_len ) ) == NULL )
@ -108,6 +109,7 @@ static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
memcpy( dst->ticket, src->ticket, src->ticket_len ); memcpy( dst->ticket, src->ticket, src->ticket_len );
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
return( 0 ); return( 0 );
} }
@ -2972,6 +2974,7 @@ int ssl_session_reset( ssl_context *ssl )
return( 0 ); return( 0 );
} }
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/* /*
* Allocate and initialize ticket keys * Allocate and initialize ticket keys
*/ */
@ -3004,6 +3007,7 @@ static int ssl_ticket_keys_init( ssl_context *ssl )
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
/* /*
* SSL set accessors * SSL set accessors
@ -3261,6 +3265,7 @@ void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy )
ssl->allow_legacy_renegotiation = allow_legacy; ssl->allow_legacy_renegotiation = allow_legacy;
} }
#if defined(POLARSSL_SSL_SESSION_TICKETS)
int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ) int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
{ {
ssl->session_tickets = use_tickets; ssl->session_tickets = use_tickets;
@ -3273,6 +3278,7 @@ int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
return( ssl_ticket_keys_init( ssl ) ); return( ssl_ticket_keys_init( ssl ) );
} }
#endif /* POLARSSL_SSL_SESSION_TICKETS */
/* /*
* SSL get accessors * SSL get accessors
@ -3658,7 +3664,9 @@ void ssl_session_free( ssl_session *session )
} }
#endif #endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
polarssl_free( session->ticket ); polarssl_free( session->ticket );
#endif
memset( session, 0, sizeof( ssl_session ) ); memset( session, 0, sizeof( ssl_session ) );
} }
@ -3710,7 +3718,9 @@ void ssl_free( ssl_context *ssl )
polarssl_free( ssl->session ); polarssl_free( ssl->session );
} }
#if defined(POLARSSL_SSL_SESSION_TICKETS)
polarssl_free( ssl->ticket_keys ); polarssl_free( ssl->ticket_keys );
#endif
if ( ssl->hostname != NULL) if ( ssl->hostname != NULL)
{ {

11
programs/ssl/ssl_client2.c
View file

@ -178,6 +178,13 @@ static int my_verify( void *data, x509_cert *crt, int depth, int *flags )
#define USAGE_PSK "" #define USAGE_PSK ""
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n"
#else
#define USAGE_TICKETS ""
#endif /* POLARSSL_SSL_SESSION_TICKETS */
#define USAGE \ #define USAGE \
"\n usage: ssl_client2 param=<>...\n" \ "\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \ "\n acceptable parameters:\n" \
@ -189,7 +196,7 @@ static int my_verify( void *data, x509_cert *crt, int depth, int *flags )
" renegotiation=%%d default: 1 (enabled)\n" \ " renegotiation=%%d default: 1 (enabled)\n" \
" allow_legacy=%%d default: 0 (disabled)\n" \ " allow_legacy=%%d default: 0 (disabled)\n" \
" reconnect=%%d default: 0 (disabled)\n" \ " reconnect=%%d default: 0 (disabled)\n" \
" tickets=%%d default: 1 (enabled)\n" \ USAGE_TICKETS \
"\n" \ "\n" \
" min_version=%%s default: \"\" (ssl3)\n" \ " min_version=%%s default: \"\" (ssl3)\n" \
" max_version=%%s default: \"\" (tls1_2)\n" \ " max_version=%%s default: \"\" (tls1_2)\n" \
@ -674,7 +681,9 @@ int main( int argc, char *argv[] )
ssl_set_bio( &ssl, net_recv, &server_fd, ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd ); net_send, &server_fd );
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_set_session_tickets( &ssl, opt.tickets ); ssl_set_session_tickets( &ssl, opt.tickets );
#endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );

11
programs/ssl/ssl_server2.c
View file

@ -146,6 +146,13 @@ static void my_debug( void *ctx, int level, const char *str )
#define USAGE_PSK "" #define USAGE_PSK ""
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n"
#else
#define USAGE_TICKETS ""
#endif /* POLARSSL_SSL_SESSION_TICKETS */
#define USAGE \ #define USAGE \
"\n usage: ssl_server2 param=<>...\n" \ "\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \ "\n acceptable parameters:\n" \
@ -154,7 +161,7 @@ static void my_debug( void *ctx, int level, const char *str )
USAGE_IO \ USAGE_IO \
" request_page=%%s default: \".\"\n" \ " request_page=%%s default: \".\"\n" \
" renegotiation=%%d default: 1 (enabled)\n" \ " renegotiation=%%d default: 1 (enabled)\n" \
" tickets=%%d default: 1 (enabled)\n" \ USAGE_TICKETS \
" allow_legacy=%%d default: 0 (disabled)\n" \ " allow_legacy=%%d default: 0 (disabled)\n" \
" min_version=%%s default: \"ssl3\"\n" \ " min_version=%%s default: \"ssl3\"\n" \
" max_version=%%s default: \"tls1_2\"\n" \ " max_version=%%s default: \"tls1_2\"\n" \
@ -621,7 +628,9 @@ int main( int argc, char *argv[] )
ssl_cache_set, &cache ); ssl_cache_set, &cache );
#endif #endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_set_session_tickets( &ssl, opt.tickets ); ssl_set_session_tickets( &ssl, opt.tickets );
#endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );