wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 21:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint.

Browse Source
This commit is contained in:
TakayukiMatsuo
2021-05-13 04:23:11 +09:00
parent 197b959916
commit aef9e560b1
2 changed files with 85 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
src/ssl.c
View File

@@ -13663,18 +13663,65 @@ int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
} }
/* set ctx session timeout in seconds */ /**
* Sets ctx session timeout in seconds.
* The timeout value set here should be reflected in the
* "session ticket lifetime hint" if this API works in the openssl compat-layer.
* Therefore wolfSSL_CTX_set_TicketHint is called internally.
* Arguments:
* - ctx WOLFSSL_CTX object which the timeout is set to
* - to timeout value in second
* Returns:
* WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on failure.
* When WOLFSSL_ERROR_CODE_OPENSSL is defined, returns previous timeout value
* on success, BAD_FUNC_ARG on failure.
*/
WOLFSSL_ABI WOLFSSL_ABI
int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to) int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
{ {
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
word32 prev_timeout;
#endif
int ret = WOLFSSL_SUCCESS;
(void)ret;
if (ctx == NULL) if (ctx == NULL)
return BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
if (to == 0) if (ret == WOLFSSL_SUCCESS) {
to = WOLFSSL_SESSION_TIMEOUT; #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
ctx->timeout = to; prev_timeout = ctx->timeout;
#endif
if (to == 0) {
ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
}
else {
ctx->timeout = to;
}
}
#if defined(OPENSSL_EXTRA) && defined(HAVE_SESSION_TICKET) && \
!defined(NO_WOLFSSL_SERVER)
if (ret == WOLFSSL_SUCCESS) {
if (to == 0) {
ret = wolfSSL_CTX_set_TicketHint(ctx, SESSION_TICKET_HINT_DEFAULT);
}
else {
ret = wolfSSL_CTX_set_TicketHint(ctx, to);
}
}
#endif /* OPENSSL_EXTRA && HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
return WOLFSSL_SUCCESS; #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
if (ret == WOLFSSL_SUCCESS) {
return prev_timeout;
}
else {
return ret;
}
#else
return ret;
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
} }

32
tests/api.c
View File

@@ -44671,6 +44671,37 @@ static void test_wolfSSL_EC_curve(void)
#endif #endif
} }
static void test_wolfSSL_CTX_set_timeout(void)
{
int timeout;
(void)timeout;
printf(testingFmt, "test_wolfSSL_CTX_set_timeout()");
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
/* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
* wolfSSL_CTX_set_timeout returns previous timeout value on success.
*/
AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
/* giving 0 as timeout value sets default timeout */
timeout = wolfSSL_CTX_set_timeout(ctx, 0);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
#else
AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
#endif
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
}
static void test_wolfSSL_OpenSSL_version(void) static void test_wolfSSL_OpenSSL_version(void)
{ {
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
@@ -45509,6 +45540,7 @@ void ApiTest(void)
test_wolfSSL_security_level(); test_wolfSSL_security_level();
test_wolfSSL_SSL_in_init(); test_wolfSSL_SSL_in_init();
test_wolfSSL_EC_curve(); test_wolfSSL_EC_curve();
test_wolfSSL_CTX_set_timeout();
test_wolfSSL_OpenSSL_version(); test_wolfSSL_OpenSSL_version();
test_wolfSSL_set_psk_use_session_callback(); test_wolfSSL_set_psk_use_session_callback();