Option to reverify certs on resumption.
Works in the 1.3 and 1.2 client handshakes, not implemented on the
server for now.
Creates an SSL_CTX option to reverify the server certificate on session
resumption. Reverification only runs the client's certificate verify callback.
Adds new states to the client handshakes: state_reverify_server_certificate in
TLS 1.2, and state_server_certificate_reverify in TLS 1.3.
Adds a negative test to make sure that by default we don't verify the
certificate on resumption, and positive tests that make sure we do when the
new option is set.
Change-Id: I3a47ff3eacb3099df4db4c5bc57f7c801ceea8f1
Bug: chromium:347402
Reviewed-on: https://boringssl-review.googlesource.com/29984
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index cc3e075..46c5248 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1698,6 +1698,9 @@
// ssl_verify_peer_cert verifies the peer certificate for |hs|.
enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs);
+// ssl_reverify_peer_cert verifies the peer certificate for |hs| when resuming a
+// session.
+enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs);
enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
bool ssl_send_finished(SSL_HANDSHAKE *hs);
@@ -2899,6 +2902,11 @@
// abort.
int (*dos_protection_cb) (const SSL_CLIENT_HELLO *) = nullptr;
+ // Controls whether to verify certificates when resuming connections. They
+ // were already verified when the connection was first made, so the default is
+ // false. For now, this is only respected on clients, not servers.
+ bool reverify_on_resume = false;
+
// Maximum amount of data to send in one fragment. actual record size can be
// more than this due to padding and MAC overheads.
uint16_t max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
