altcp_tls: support for saving/restoring session information

According to mbedTLS source code and documentation, calls to
`mbedtls_ssl_conf_session_cache` and `mbedtls_ssl_conf_session_tickets_cb`
are only available if mbedTLS is configured for server mode (ie. MBEDTLS_SSL_SRV_C
is defined). This cannot be used on client mode to resume a previous session.

To allow session reuse in client mode, the application must save the session parameters
(including tickets provided by the server, if any) after a successful connection
and restore them before attempting to reconnect. Since `altcp_close()` frees the
structure, it cannot be used to store the required information.

So, two new API were added, directly wrapped to mbedTLS functions, allow application
to do that by itself.

Also added full declaration of `struct altcp_tls_session` in altcp_tls.h to allow
easier usage in application when using mbedTLS port.
David Girault
2019-02-01 17:56:17 +01:00
committed by Simon Goldschmidt
parent d84a84e5ca
commit f97dacd014
2 changed files with 82 additions and 0 deletions


@@ -639,6 +639,44 @@ altcp_tls_wrap(struct altcp_tls_config *config, struct altcp_pcb *inner_pcb)
return ret;
}
void
altcp_tls_init_session(struct altcp_tls_session *session)
{
if (session)
mbedtls_ssl_session_init(&session->data);
}
err_t
altcp_tls_get_session(struct altcp_pcb *conn, struct altcp_tls_session *session)
{
if (session && conn && conn->state) {
altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state;
int ret = mbedtls_ssl_get_session(&state->ssl_context, &session->data);
return ret < 0 ? ERR_VAL : ERR_OK;
}
return ERR_ARG;
}
err_t
altcp_tls_set_session(struct altcp_pcb *conn, struct altcp_tls_session *session)
{
if (session && conn && conn->state) {
altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state;
int ret = -1;
if (session->data.start)
ret = mbedtls_ssl_set_session(&state->ssl_context, &session->data);
return ret < 0 ? ERR_VAL : ERR_OK;
}
return ERR_ARG;
}
void
altcp_tls_free_session(struct altcp_tls_session *session)
{
if (session)
mbedtls_ssl_session_free(&session->data);
}
void *
altcp_tls_context(struct altcp_pcb *conn)
{
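Review bot: In altcp_tls_set_session the `if (session->data.start)` test uses a timestamp field as the "session is populated" marker; as far as I know mbedTLS declares `start` only when MBEDTLS_HAVE_TIME is defined, so this line would likely not compile on targets built without a time source, and a clock value of zero would make a valid session look empty. Consider guarding the test with `#if defined(MBEDTLS_HAVE_TIME)` or dropping it and letting mbedtls_ssl_set_session() reject an unusable session itself. None of the four new functions carries a comment, yet the contract matters: the destination passed to altcp_tls_get_session presumably has to be prepared with altcp_tls_init_session() first, and the saved structure holds the resumption secrets (master secret, any ticket), so it should be kept out of unprotected storage and released with altcp_tls_free_session() once it is no longer needed. A header comment on altcp_tls_get_session such as `/* session must be initialised with altcp_tls_init_session(); it holds TLS resumption secrets, release it with altcp_tls_free_session() */` would state that.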