From: Amos Jeffries Date: Thu, 7 Jul 2016 19:03:02 +0000 (+1200) Subject: Merged from trunk rev.14734 X-Git-Tag: SQUID_4_0_13~39^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e054c12658b290b2983db7551ae9a2ea1046460b;p=thirdparty%2Fsquid.git Merged from trunk rev.14734 --- e054c12658b290b2983db7551ae9a2ea1046460b diff --cc src/security/Session.cc index 38480c1438,ae6fc3c919..e9f1efeacd --- a/src/security/Session.cc +++ b/src/security/Session.cc @@@ -16,6 -16,45 +16,52 @@@ #define SSL_SESSION_ID_SIZE 32 #define SSL_SESSION_MAX_SIZE 10*1024 ++#if USE_GNUTLS ++void ++squid_datum_free(gnutls_datum_t *D) { ++ gnutls_free(D); ++} ++#endif ++ + bool + Security::SessionIsResumed(const Security::SessionPointer &s) + { + return + #if USE_OPENSSL + SSL_session_reused(s.get()) == 1; + #elif USE_GNUTLS + gnutls_session_is_resumed(s.get()) != 0; + #else + false; + #endif + } + + void + Security::GetSessionResumeData(const Security::SessionPointer &s, Security::SessionStatePointer &data) + { + if (!SessionIsResumed(s)) { + #if USE_OPENSSL + data.reset(SSL_get1_session(s.get())); + #elif USE_GNUTLS + gnutls_datum_t *tmp = nullptr; + (void)gnutls_session_get_data2(s.get(), tmp); + data.reset(tmp); + #endif + } + } + + void + Security::SetSessionResumeData(const Security::SessionPtr &s, const Security::SessionStatePointer &data) + { + if (s) { + #if USE_OPENSSL + (void)SSL_set_session(s, data.get()); + #elif USE_GNUTLS + (void)gnutls_session_set_data(s, data->data, data->size); + #endif + } + } + static bool isTlsServer() { diff --cc src/security/Session.h index fb009df20f,b360967b37..fae3b4c247 --- a/src/security/Session.h +++ b/src/security/Session.h @@@ -32,24 -31,41 +32,40 @@@ typedef SSL* SessionPtr CtoCpp1(SSL_free, SSL *); typedef LockingPointer SessionPointer; -typedef SSL_SESSION* SessionStatePtr; -CtoCpp1(SSL_SESSION_free, SSL_SESSION *); -typedef LockingPointer SessionStatePointer; ++typedef std::unique_ptr> SessionStatePointer; + #elif USE_GNUTLS typedef 
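Review bot: In the USE_GNUTLS branch of `Security::GetSessionResumeData()` in src/security/Session.cc, `tmp` is still `nullptr` when it is passed to `gnutls_session_get_data2()`, so the library has no datum to fill, the `(void)` cast hides the failure, and `data` ends up null. `Security::SetSessionResumeData()` then reads `data->data` and `data->size` without a null check, which is undefined behaviour on an empty state pointer. `squid_datum_free()`, declared in Session.h next to the GnuTLS `SessionStatePointer` typedef and presumably its deleter, releases the datum struct but never `D->data`, the buffer GnuTLS allocates for the serialized session, so the resumption state would leak once the datum is populated. The sketch below allocates the datum, checks the return code, guards the setter, and frees both the buffer and the struct.

```cpp
#if USE_GNUTLS
void
squid_datum_free(gnutls_datum_t *D) {
    if (!D)
        return;
    gnutls_free(D->data); // buffer filled in by gnutls_session_get_data2()
    delete D;             // the struct itself is allocated with new below
}
#endif

// … unchanged: SessionIsResumed() …

// in Security::GetSessionResumeData():
#elif USE_GNUTLS
        auto *tmp = new gnutls_datum_t{nullptr, 0};
        if (gnutls_session_get_data2(s.get(), tmp) == GNUTLS_E_SUCCESS)
            data.reset(tmp);
        else
            squid_datum_free(tmp); // do not keep a half-filled datum
#endif

// in Security::SetSessionResumeData():
#elif USE_GNUTLS
        if (data) // nothing to resume from when no state was captured
            (void)gnutls_session_set_data(s, data->data, data->size);
#endif
```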
gnutls_session_t SessionPtr; -CtoCpp1(gnutls_deinit, gnutls_session_t); --// TODO: Convert to Locking pointer. // Locks can be implemented attaching locks counter to gnutls_session_t // objects using the gnutls_session_set_ptr()/gnutls_session_get_ptr () // library functions - //typedef std::unique_ptr> SessionPointer; -typedef TidyPointer SessionPointer; +CtoCpp1(gnutls_deinit, gnutls_session_t); +typedef LockingPointer SessionPointer; -typedef gnutls_datum_t *SessionStatePtr; -CtoCpp1(gnutls_free, gnutls_datum_t *); -typedef TidyPointer SessionStatePointer; ++/// wrapper function to avoid compile errors with gnutls_free() being a typedef. ++void squid_datum_free(gnutls_datum_t *D); ++typedef std::unique_ptr> SessionStatePointer; + #else // use void* so we can check against NULL typedef void* SessionPtr; -typedef TidyPointer SessionPointer; -typedef TidyPointer SessionStatePointer; +CtoCpp1(xfree, SessionPtr); +typedef LockingPointer SessionPointer; + ++typedef std::unique_ptr SessionStatePointer; + #endif + /// whether the session is a resumed one + bool SessionIsResumed(const Security::SessionPointer &); + + /// Retrieve the data needed to resume this session on a later connection + void GetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &); + + /// Set the data for resuming a previous session. + /// Needs to be done before using the SessionPointer for a handshake. + void SetSessionResumeData(const Security::SessionPtr &, const Security::SessionStatePointer &); + } // namespace Security #endif /* SQUID_SRC_SECURITY_SESSION_H */
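Review bot: The doc comments on `GetSessionResumeData()` and `SetSessionResumeData()` in src/security/Session.h do not state the contract that callers need. In Session.cc the getter leaves the state pointer untouched when the session is itself a resumed one, and the setter dereferences the state pointer in the GnuTLS build. For the getter I would write `/// Retrieve the data needed to resume this session on a later connection. Leaves the state pointer unchanged when the session is a resumed one; the pointer may be nil afterwards.` and for the setter add `/// The state pointer must hold data previously filled in by GetSessionResumeData().`. The comment above `squid_datum_free()` should also say whether the wrapper owns the `gnutls_datum_t` struct, its `data` buffer, or both, since that decides how the datum has to be allocated.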