| Commit | Line | Data |
|---|---|---|
| 81a6c781 | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE | 3 | _______________ |
| | 4 | |
| 7b3a9b00 | 5 | Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] |
| aaf35f11 | 6 | |
| 2b3936e8 DSH | 7 | *) If a candidate issuer certificate is already part of the constructed |
| | 8 | path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case. |
| | 9 | [Steve Henson] |
| | 10 | |
| 7c2d4fee BM | 11 | *) Improve forward-security support: add functions |
| | 12 | |
| | 13 | void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure)) |
| | 14 | void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure)) |
| | 15 | |
| | 16 | for use by SSL/TLS servers; the callback function will be called whenever a |
| | 17 | new session is created, and gets to decide whether the session may be |
| | 18 | cached to make it resumable (return 0) or not (return 1). (As by the |
| | 19 | SSL/TLS protocol specifications, the session_id sent by the server will be |
| | 20 | empty to indicate that the session is not resumable; also, the server will |
| | 21 | not generate RFC 4507 (RFC 5077) session tickets.) |
| | 22 | |
| | 23 | A simple reasonable callback implementation is to return is_forward_secure. |
| | 24 | This parameter will be set to 1 or 0 depending on the ciphersuite selected |
| | 25 | by the SSL/TLS server library, indicating whether it can provide forward |
| | 26 | security. |
| | 27 | |