Google Git
Sign in
boringssl / boringssl.git / 364f7a6d21f73d099f4f80800973174a8f71e90f^! / . / ssl / ssl_session.c
commit364f7a6d21f73d099f4f80800973174a8f71e90f[log] [tgz]
authorAdam Langley <agl@google.com>Mon Dec 12 10:51:00 2016 -0800
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Tue Dec 13 17:18:53 2016 +0000
tree7379dd7f90e0594ce3992d7cd5a0e3be7288e663
parentcb0c29ff75045fb9f7c2f9d827da4492a1840ba8 [diff] [blame]
Push the difference in chain semantics to the edge.

OpenSSL includes a leaf certificate in a certificate chain when it's a
client, but doesn't when it's a server. This is also reflected in the
serialisation of sessions.

This change makes the internal semantics consistent: the leaf is always
included in the chain in memory, and never duplicated when serialised.
To maintain the same API, SSL_get_peer_cert_chain will construct a copy
of the chain without the leaf if needed.

Since the serialised format of a client session has changed, an
|is_server| boolean is added to the ASN.1 that defaults to true. Thus
any old client sessions will be parsed as server sessions and (silently)
discarded by a client.

Change-Id: Ibcf72bc8a130cedb423bc0fd3417868e0af3ca3e
Reviewed-on: https://boringssl-review.googlesource.com/12704
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index 98d101c..b0951ac 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c

@@ -182,6 +182,7 @@
     goto err;
   }
 
+  new_session->is_server = session->is_server;
   new_session->ssl_version = session->ssl_version;
   new_session->sid_ctx_length = session->sid_ctx_length;
   memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
@@ -327,6 +328,7 @@
   OPENSSL_cleanse(session->session_id, sizeof(session->session_id));
   X509_free(session->x509_peer);
   sk_X509_pop_free(session->x509_chain, X509_free);
+  sk_X509_pop_free(session->x509_chain_without_leaf, X509_free);
   OPENSSL_free(session->tlsext_hostname);
   OPENSSL_free(session->tlsext_tick);
   OPENSSL_free(session->tlsext_signed_cert_timestamp_list);
@@ -462,6 +464,9 @@
     return 0;
   }
 
+  session->is_server = is_server;
+  session->ssl_version = ssl->version;
+
   /* Fill in the time from the |SSL_CTX|'s clock. */
   struct timeval now;
   ssl_get_current_time(ssl, &now);
@@ -469,8 +474,6 @@
 
   session->timeout = ssl->session_timeout;
 
-  session->ssl_version = ssl->version;
-
   if (is_server) {
     if (hs->ticket_expected) {
       /* Don't set session IDs for sessions resumed with tickets. This will keep
@@ -634,6 +637,9 @@
 
 int ssl_session_is_resumable(const SSL *ssl, const SSL_SESSION *session) {
   return ssl_session_is_context_valid(ssl, session) &&
+         /* The session must have been created by the same type of end point as
+          * we're now using it with. */
+         session->is_server == ssl->server &&
          /* The session must not be expired. */
          ssl_session_is_time_valid(ssl, session) &&
          /* Only resume if the session's version matches the negotiated