Skip to content
  1. Feb 26, 2001
  2. Feb 25, 2001
  3. Feb 24, 2001
  4. Feb 23, 2001
  5. Feb 22, 2001
  6. Feb 21, 2001
    • Geoff Thorpe's avatar
      If a callback is generating a new session ID for SSLv2, then upon exiting, · ec0f1959
      Geoff Thorpe authored
      the ID will be padded out to 16 bytes if the callback attempted to generate
      a shorter one. The problem is that the uniqueness checking function used in
      callbacks may mistakenly think a 9-byte ID is unique when in fact its
      padded 16-byte version is not. This makes the checking function detect
      SSLv2 cases, and ensures the padded form is checked rather than the shorter
      one passed by the callback.
      ec0f1959
    • Geoff Thorpe's avatar
      fa2b8db4
    • Geoff Thorpe's avatar
      This adds command-line support to s_server for controlling the generation · 1aa0d947
      Geoff Thorpe authored
      of session IDs. Namely, passing "-id_prefix <text>" will set a
      generate_session_id() callback that generates session IDs as random data
      with <text> block-copied over the top of the start of the ID. This can be
      viewed by watching the session ID s_client's output when it connects.
      
      This is mostly useful for testing any SSL/TLS code (eg. proxies) that wish
      to deal with multiple servers, when each of which might be generating a
      unique range of session IDs (eg. with a certain prefix).
      1aa0d947
    • Geoff Thorpe's avatar
      This change allows a callback to be used to override the generation of · dc644fe2
      Geoff Thorpe authored
      SSL/TLS session IDs in a server. According to RFC2246, the session ID is an
      arbitrary value chosen by the server. It can be useful to have some control
      over this "arbitrary value" so as to choose it in ways that can aid in
      things like external session caching and balancing (eg. clustering). The
      default session ID generation is to fill the ID with random data.
      
      The callback used by default is built in to ssl_sess.c, but registering a
      callback in an SSL_CTX or in a particular SSL overrides this. BTW: SSL
      callbacks will override SSL_CTX callbacks, and a new SSL structure inherits
      any callback set in its 'parent' SSL_CTX. The header comments describe how
      this mechanism ticks, and source code comments describe (hopefully) why it
      ticks the way it does.
      
      Man pages are on the way ...
      
      [NB: Lutz was also hacking away and helping me to figure out how best to do
      this.]
      dc644fe2
    • Geoff Thorpe's avatar
      'make update' · 47ddf355
      Geoff Thorpe authored
      47ddf355