From 2a8db059eaee7e3c01a4058cde2dffecb230226b Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 4 Jan 2019 10:27:48 +0100 Subject: ssl: Modernize test suite --- lib/ssl/src/ssl_connection.erl | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssl/src/ssl_connection.erl') diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index b9162a2d3b..36ab1740f0 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -2406,6 +2406,7 @@ session_handle_params(#server_ecdh_params{curve = ECCurve}, Session) -> session_handle_params(_, Session) -> Session. + register_session(client, Host, Port, #session{is_resumable = new} = Session0) -> Session = Session0#session{is_resumable = true}, ssl_manager:register_session(Host, Port, Session), -- cgit v1.2.3 From 15183f8e798e1fe5ac613f711df491d3bf4f2db7 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 3 Jan 2019 09:06:21 +0100 Subject: ssl: Client shall only save verified sessions Modernize test case option handling --- lib/ssl/src/ssl_connection.erl | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lib/ssl/src/ssl_connection.erl') diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 36ab1740f0..0529194f82 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -1044,7 +1044,7 @@ cipher(internal, #finished{verify_data = Data} = Finished, get_current_prf(ConnectionStates0, read), MasterSecret, Handshake0) of verified -> - Session = register_session(Role, host_id(Role, Host, SslOpts), Port, Session0), + Session = handle_session(Role, SslOpts, Host, Port, Session0), cipher_role(Role, Data, Session, State#state{expecting_finished = false}, Connection); #alert{} = Alert -> 
@@ -2406,6 +2406,12 @@ session_handle_params(#server_ecdh_params{curve = ECCurve}, Session) -> session_handle_params(_, Session) -> Session. +handle_session(Role = server, SslOpts, Host, Port, Session0) -> + register_session(Role, host_id(Role, Host, SslOpts), Port, Session0); +handle_session(Role = client, #ssl_options{verify = verify_peer} = SslOpts, Host, Port, Session0) -> + register_session(Role, host_id(Role, Host, SslOpts), Port, Session0); +handle_session(client, _, _, _, Session0) -> + Session0. register_session(client, Host, Port, #session{is_resumable = new} = Session0) -> Session = Session0#session{is_resumable = true}, -- cgit v1.2.3 From ba4fb703a5c20ed26186d5ae968020819c1d8780 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 4 Jan 2019 11:01:21 +0100 Subject: ssl: Add value 'save' to reuse_sessions and reuse_session client option We want to be able to save a specific session to reuse, and make sure it is reusable immediatly when the connection has been established. Add client option {reuse_session, SessionID::binary()} We also do not want clients to save sessions that it did not verify. Additionaly change behaviour of the client and server to not save sessions if reuse_session is set to false. --- lib/ssl/src/ssl_connection.erl | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) (limited to 'lib/ssl/src/ssl_connection.erl') diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 0529194f82..7d7da2dcec 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl 
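Review bot: The final `handle_session(client, _, _, _, Session0)` clause drops the session without saying why, and that reason is the security-relevant part of this change. A comment above that clause, such as `%% Peer was not verified: do not cache, a resumed session would skip certificate validation`, would keep a later edit from folding it back into the registering path. The decision is keyed only on `verify = verify_peer`. Whether a `verify_fun` that accepts every certificate should also count as unverified cannot be judged from this hunk and is worth confirming. The session returned by this clause keeps `is_resumable = new`, so it is worth checking that no other path registers it later.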
@@ -2406,22 +2406,35 @@ session_handle_params(#server_ecdh_params{curve = ECCurve}, Session) -> session_handle_params(_, Session) -> Session. -handle_session(Role = server, SslOpts, Host, Port, Session0) -> - register_session(Role, host_id(Role, Host, SslOpts), Port, Session0); -handle_session(Role = client, #ssl_options{verify = verify_peer} = SslOpts, Host, Port, Session0) -> - register_session(Role, host_id(Role, Host, SslOpts), Port, Session0); -handle_session(client, _, _, _, Session0) -> - Session0. - -register_session(client, Host, Port, #session{is_resumable = new} = Session0) -> +handle_session(Role = server, #ssl_options{reuse_sessions = true} = SslOpts, + Host, Port, Session0) -> + register_session(Role, host_id(Role, Host, SslOpts), Port, Session0, true); +handle_session(Role = client, #ssl_options{verify = verify_peer, + reuse_sessions = Reuse} = SslOpts, + Host, Port, Session0) when Reuse =/= false -> + register_session(Role, host_id(Role, Host, SslOpts), Port, Session0, reg_type(Reuse)); +handle_session(server, _, Host, Port, Session) -> + %% Remove "session of type new" entry from session DB + ssl_manager:invalidate_session(Host, Port, Session), + Session; +handle_session(client, _,_,_, Session) -> + %% In client case there is no entry yet, so nothing to remove + Session. + +reg_type(save) -> + true; +reg_type(true) -> + unique. + +register_session(client, Host, Port, #session{is_resumable = new} = Session0, Save) -> Session = Session0#session{is_resumable = true}, - ssl_manager:register_session(Host, Port, Session), + ssl_manager:register_session(Host, Port, Session, Save), Session; -register_session(server, _, Port, #session{is_resumable = new} = Session0) -> +register_session(server, _, Port, #session{is_resumable = new} = Session0, _) -> Session = Session0#session{is_resumable = true}, ssl_manager:register_session(Port, Session), Session; -register_session(_, _, _, Session) -> +register_session(_, _, _, Session, _) -> Session. 
%% Already registered host_id(client, _Host, #ssl_options{server_name_indication = Hostname}) when is_list(Hostname) -> -- cgit v1.2.3
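Review bot: The server fallback clause calls `ssl_manager:invalidate_session(Host, Port, Session)`, while the server registration path just below it uses the host-less `ssl_manager:register_session(Port, Session)`. If ssl_manager picks the client or server cache by arity, as the two register calls suggest, the three-argument invalidate would address the client cache and leave the "new" server entry in place. Confirm against ssl_manager and, if it exports a host-less variant, call `ssl_manager:invalidate_session(Port, Session)` here. Separately, `reg_type/1` only has clauses for `save` and `true`, but the guard `Reuse =/= false` lets any other value reach it, so tighten it to `when Reuse =:= true; Reuse =:= save` unless option validation outside this hunk already guarantees the value. A one-line comment on `reg_type/1` saying what `true` and `unique` mean to `ssl_manager:register_session/4` would also help, since `save` mapping to `true` is not self-explanatory.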