Enable multi session tickets on Server
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
parent
1ad7ace6b7
commit
d4e7500a07
2 changed files with 20 additions and 2 deletions
|
@ -624,6 +624,9 @@ struct mbedtls_ssl_handshake_params
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||||
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
|
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||||
|
int tls13_session_tickets; /*!< number of session tickets */
|
||||||
|
#endif
|
||||||
#endif /* MBEDTLS_SSL_SRV_C */
|
#endif /* MBEDTLS_SSL_SRV_C */
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
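Review bot: The new field's comment, `/*!< number of session tickets */`, does not say that the server code decrements it as tickets are sent and tests it against 0 to leave the ticket state; `/*!< Number of NewSessionTicket messages still to send in this handshake */` would describe that use. Because the field is a plain `int` that is only ever compared with `== 0`, an unsigned fixed-width type matching the configuration field (whose type is not visible here) would rule out a negative countdown. The struct continues outside the hunk.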
|
||||||
|
|
|
@ -2617,7 +2617,8 @@ MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl )
|
static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
/* Check whether the use of session tickets is enabled */
|
/* Check whether the use of session tickets is enabled */
|
||||||
if( ssl->conf->f_ticket_write == NULL )
|
if( ssl->conf->f_ticket_write == NULL ||
|
||||||
|
ssl->handshake->tls13_session_tickets == 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) );
|
||||||
return( SSL_NEW_SESSION_TICKET_SKIP );
|
return( SSL_NEW_SESSION_TICKET_SKIP );
|
||||||
|
@ -2640,6 +2641,10 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) );
|
||||||
|
|
||||||
|
if( ssl->handshake->resume == 1 )
|
||||||
|
ssl->handshake->tls13_session_tickets = 0;
|
||||||
|
else
|
||||||
|
ssl->handshake->tls13_session_tickets--;
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
session->start = mbedtls_time( NULL );
|
session->start = mbedtls_time( NULL );
|
||||||
#endif
|
#endif
|
||||||
|
@ -2885,6 +2890,12 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||||
/* start state */
|
/* start state */
|
||||||
case MBEDTLS_SSL_HELLO_REQUEST:
|
case MBEDTLS_SSL_HELLO_REQUEST:
|
||||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||||
|
ssl->handshake->tls13_session_tickets =
|
||||||
|
ssl->conf->new_session_tickets ?
|
||||||
|
ssl->conf->new_session_tickets :
|
||||||
|
MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS;
|
||||||
|
#endif
|
||||||
ret = 0;
|
ret = 0;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -3002,7 +3013,11 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||||
* as part of ssl_prepare_handshake_step.
|
* as part of ssl_prepare_handshake_step.
|
||||||
*/
|
*/
|
||||||
ret = 0;
|
ret = 0;
|
||||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
|
|
||||||
|
if( ssl->handshake->tls13_session_tickets == 0 )
|
||||||
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
|
||||||
|
else
|
||||||
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
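Review bot: In the MBEDTLS_SSL_HELLO_REQUEST case the ternary `ssl->conf->new_session_tickets ? ssl->conf->new_session_tickets : MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS` turns a configured value of 0 into the default, so a server that has f_ticket_write set cannot be told to issue no tickets through this field. If 0 is meant to disable issuance, apply the default where the configuration is initialised (not visible in this diff) and copy the value unchanged here: `ssl->handshake->tls13_session_tickets = ssl->conf->new_session_tickets;`. Otherwise document the zero-means-default rule next to the assignment. The resumption branch in ssl_tls13_prepare_new_session_ticket, which forces the counter to 0, would also benefit from a one-line comment such as `/* a resumed handshake gets a single new ticket */`. All three functions extend beyond the lines shown.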
|
||||||
|
|