Commit 3d53ed17 authored by Sergey Lyubka's avatar Sergey Lyubka

Allow OpenSSL session reuse on 2-way SSL, integrate https://github.com/cesanta/mongoose/pull/877

PUBLISHED_FROM=6e2568b963869d062dd51b590f8e536d043c4ca2
parent 4ea45230
...@@ -4474,6 +4474,8 @@ struct mg_iface *mg_socks_mk_iface(struct mg_mgr *mgr, const char *proxy_addr) { ...@@ -4474,6 +4474,8 @@ struct mg_iface *mg_socks_mk_iface(struct mg_mgr *mgr, const char *proxy_addr) {
#include <openssl/tls1.h> #include <openssl/tls1.h>
#endif #endif
static const char *mg_default_session_id_context = "mongoose";
struct mg_ssl_if_ctx { struct mg_ssl_if_ctx {
SSL *ssl; SSL *ssl;
SSL_CTX *ssl_ctx; SSL_CTX *ssl_ctx;
...@@ -4535,6 +4537,9 @@ enum mg_ssl_if_result mg_ssl_if_conn_init( ...@@ -4535,6 +4537,9 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
SSL_CTX_set_session_id_context(ctx->ssl_ctx,
(void *) mg_default_session_id_context,
strlen(mg_default_session_id_context));
#ifdef MG_SSL_OPENSSL_NO_COMPRESSION #ifdef MG_SSL_OPENSSL_NO_COMPRESSION
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif #endif
......
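Review bot: The call added in mg_ssl_if_conn_init gives every SSL_CTX the same compile-time session id context, "mongoose", and discards the return value of `SSL_CTX_set_session_id_context`. OpenSSL uses that value to keep a session negotiated under one verification policy from being resumed under another, so listeners with different CA or client-certificate settings would be safer with a per-listener value or a build-time override; this matters mainly if ticket keys or an external session cache are ever shared between them, which these lines do not show. A resumed session does not re-run client-certificate verification, so a comment such as `/* Resumed sessions skip peer cert re-verification; bound the window with SSL_CTX_set_timeout() */` belongs above the call. The arguments should also match the prototype, `(const unsigned char *) mg_default_session_id_context, (unsigned int) strlen(mg_default_session_id_context)`, with the init failing when the call does not return 1. The same applies to the identical hunk in the second file section, and the body of mg_ssl_if_conn_init starts and ends outside both hunks.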
...@@ -15,6 +15,8 @@ ...@@ -15,6 +15,8 @@
#include <openssl/tls1.h> #include <openssl/tls1.h>
#endif #endif
static const char *mg_default_session_id_context = "mongoose";
struct mg_ssl_if_ctx { struct mg_ssl_if_ctx {
SSL *ssl; SSL *ssl;
SSL_CTX *ssl_ctx; SSL_CTX *ssl_ctx;
...@@ -76,6 +78,9 @@ enum mg_ssl_if_result mg_ssl_if_conn_init( ...@@ -76,6 +78,9 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
SSL_CTX_set_session_id_context(ctx->ssl_ctx,
(void *) mg_default_session_id_context,
strlen(mg_default_session_id_context));
#ifdef MG_SSL_OPENSSL_NO_COMPRESSION #ifdef MG_SSL_OPENSSL_NO_COMPRESSION
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif #endif
......