projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 81a6c781 | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE |
3 | _______________ |
| 4 | ||
| 7b3a9b00 | 5 | Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] |
| aaf35f11 | 6 | |
| 2b3936e8 DSH |
7 | *) If a candidate issuer certificate is already part of the constructed |
| 8 | path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case. | |
| 9 | [Steve Henson] | |
| 10 | ||
| 7c2d4fee BM |
11 | *) Improve forward-security support: add functions |
| 12 | ||
| 13 | void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure)) | |
| 14 | void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure)) | |
| 15 | ||
| 16 | for use by SSL/TLS servers; the callback function will be called whenever a | |
| 17 | new session is created, and gets to decide whether the session may be | |
| 18 | cached to make it resumable (return 0) or not (return 1). (As by the | |
| 19 | SSL/TLS protocol specifications, the session_id sent by the server will be | |
| 20 | empty to indicate that the session is not resumable; also, the server will | |
| 21 | not generate RFC 4507 (RFC 5077) session tickets.) | |
| 22 | ||
| 23 | A simple reasonable callback implementation is to return is_forward_secure. | |
| 24 | This parameter will be set to 1 or 0 depending on the ciphersuite selected | |
| 25 | by the SSL/TLS server library, indicating whether it can provide forward | |
| 26 | security. | |
| 27 |