Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition.

This commit is contained in:
TakayukiMatsuo
2021-05-13 09:18:57 +09:00
parent aef9e560b1
commit 567d8ed704
3 changed files with 49 additions and 3 deletions


@@ -2245,6 +2245,9 @@ WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *);
\return SSL_FAILURE will be returned on failure. This could be caused \return SSL_FAILURE will be returned on failure. This could be caused
by the session cache being disabled, or if the session has timed out. by the session cache being disabled, or if the session has timed out.
\return When OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL are defined,
SSL_SUCCESS will be returned even if the session has timed out.
\param ssl pointer to the SSL object, created with wolfSSL_new(). \param ssl pointer to the SSL object, created with wolfSSL_new().
\param session pointer to the WOLFSSL_SESSION used to set the session \param session pointer to the WOLFSSL_SESSION used to set the session
for ssl. for ssl.
@@ -5780,7 +5783,8 @@ WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int);
\brief This function sets the timeout value for SSL sessions, in seconds, \brief This function sets the timeout value for SSL sessions, in seconds,
for the specified SSL context. for the specified SSL context.
\return SSL_SUCCESS will be returned upon success. \return the previous timeout value, if WOLFSSL_ERROR_CODE_OPENSSL is
\return defined on success. If not defined, SSL_SUCCESS will be returned.
\return BAD_FUNC_ARG will be returned when the input context (ctx) is null. \return BAD_FUNC_ARG will be returned when the input context (ctx) is null.
\param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().


@@ -11108,7 +11108,24 @@ WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
return NULL; return NULL;
} }
/*
* Sets the session object to use when establishing a TLS/SSL session using
* the ssl object. Therefore, this function must be called before
* wolfSSL_connect. The session object to use can be obtained in a previous
* TLS/SSL connection using wolfSSL_get_session.
*
* This function rejects the session if it has been expired when this function
* is called. Note that this expiration check is wolfSSL specific and differs
* from OpenSSL return code behavior.
*
* By default, wolfSSL_set_session returns WOLFSSL_SUCCESS on successfully
* setting the session, WOLFSSL_FAILURE on failure due to the session cache
* being disabled, or the session has expired.
*
* To match OpenSSL return code behavior when session is expired, define
* OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL. This behavior will return
* WOLFSSL_SUCCESS even when the session is expired and rejected.
*/
WOLFSSL_ABI WOLFSSL_ABI
int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session) int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
{ {
@@ -14095,7 +14112,14 @@ int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
return ret; return ret;
} }
return WOLFSSL_FAILURE; /* session timed out */ else {
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
WOLFSSL_MSG("Session is expired but return success for \
OpenSSL compatibility");
return WOLFSSL_SUCCESS;
#endif /* OPENSSL_EXTRA && WOLFSSL_ERROR_CODE_OPENSSL */
return WOLFSSL_FAILURE; /* session timed out */
}
} }
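Review bot: The new WOLFSSL_MSG call in the else branch splits its string literal with a backslash-newline, so the leading indentation of the continuation line becomes part of the logged text; adjacent literals avoid that: `WOLFSSL_MSG("Session is expired but return success for " "OpenSSL compatibility");`. The `return WOLFSSL_FAILURE;` after `#endif` is unreachable whenever the OpenSSL-compatibility branch is compiled in, which some compilers warn about; wrapping the failure return in `#else ... #endif` leaves exactly one return per configuration. Per the header comment added in the first hunk the expired session is still rejected in both configurations, so the compatibility return only removes the caller's signal that resumption was declined — that is worth saying explicitly in that comment, which also reads better as "if it has expired" rather than "if it has been expired". SetSession begins and ends outside the hunk.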


@@ -34690,6 +34690,22 @@ static void test_wolfSSL_SESSION(void)
#endif #endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
/* session timeout case */
/* make the session to be expired */
AssertIntEQ(SSL_SESSION_set_timeout(sess,1), SSL_SUCCESS);
XSLEEP_MS(1200);
/* SSL_set_session should reject specified session but return success
* if WOLFSSL_ERROR_CODE_OPENSSL macro is defined for OpenSSL compatibility.
*/
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
/* fail case with miss match session context IDs (use compatibility API) */ /* fail case with miss match session context IDs (use compatibility API) */
AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz), AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
SSL_SUCCESS); SSL_SUCCESS);
@@ -44673,6 +44689,7 @@ static void test_wolfSSL_EC_curve(void)
static void test_wolfSSL_CTX_set_timeout(void) static void test_wolfSSL_CTX_set_timeout(void)
{ {
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE)
int timeout; int timeout;
(void)timeout; (void)timeout;
printf(testingFmt, "test_wolfSSL_CTX_set_timeout()"); printf(testingFmt, "test_wolfSSL_CTX_set_timeout()");
@@ -44700,6 +44717,7 @@ static void test_wolfSSL_CTX_set_timeout(void)
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/
} }
static void test_wolfSSL_OpenSSL_version(void) static void test_wolfSSL_OpenSSL_version(void)
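Review bot: The timeout case in the first hunk asserts only the return code of wolfSSL_set_session, so under WOLFSSL_ERROR_CODE_OPENSSL it cannot distinguish an expired session that was rejected but reported as success from one that was actually installed; a follow-up check that the expired session was not adopted (for example via wolfSSL_get_session, if that reflects the rejection, or by confirming a later connection does not resume it) would pin the intended behaviour. Expiry is produced by `SSL_SESSION_set_timeout(sess,1)` followed by `XSLEEP_MS(1200)`, which adds more than a second to the test run and relies on the expiry check's clock granularity; if that check is second-based the margin is thin, so a comment stating that assumption would help the next reader. The new asserts pair the native `wolfSSL_set_session` with the compatibility constants `SSL_SUCCESS`/`SSL_FAILURE`; `WOLFSSL_SUCCESS`/`WOLFSSL_FAILURE` would match the call being tested. test_wolfSSL_SESSION begins and ends outside the hunk.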