Splitting SSL session state.
To prevent configuration/established session confusion, the handshake
session state is separated into the configured session (ssl->session)
and the newly created session (ssl->s3->new_session). Upon conclusion of
the handshake, the finalized session is stored
in ssl->s3->established_session. During the handshake, any requests
for the session (SSL_get_session) return a non-resumable session, to
prevent resumption of a partially filled session. Sessions should only
be cached upon the completion of the full handshake, using the resulting
established_session. The semantics of accessors on the session are
maintained mid-renego.
Change-Id: I4358aecb71fce4fe14a6746c5af1416a69935078
Reviewed-on: https://boringssl-review.googlesource.com/8612
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index 7a4a958..e3d0463 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -157,6 +157,10 @@
#include <sys/time.h>
#endif
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
/* Cipher suites. */
@@ -1216,6 +1220,12 @@
SSL *ssl, SSL_SESSION **out_session, int *out_send_ticket,
const struct ssl_early_callback_ctx *ctx);
+/* SSL_SESSION_dup returns a newly-allocated |SSL_SESSION| with a copy of the
+ * fields in |session| or NULL on error. The new session is non-resumable and
+ * must be explicitly marked resumable once it has been filled in. */
+OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session,
+ int include_ticket);
+
STACK_OF(SSL_CIPHER) *
ssl_bytes_to_cipher_list(SSL *ssl, const CBS *cbs, uint16_t max_version);
void ssl_cipher_preference_list_free(
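Review bot: The comment on `SSL_SESSION_dup` does not say what `include_ticket` controls, and that is the argument a caller most needs to get right, because it presumably decides whether the duplicate carries the original session's ticket and so its resumption material. I would add a sentence such as `If |include_ticket| is non-zero, the session ticket is copied as well; otherwise the new session has no ticket.`, with the wording checked against the implementation, which is not visible in this hunk. The comment also says the result "must be explicitly marked resumable" without naming the field or call that does so; naming it would make it harder to cache a half-filled session by mistake. Since the declaration is `OPENSSL_EXPORT` in an internal header, a short remark on why it is exported (presumably for tests, given the `extern "C"` guards added in the same commit) would help keep the symbol out of external use.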
@@ -1453,4 +1463,9 @@
uint16_t signature_algorithm);
void ssl_set_client_disabled(SSL *ssl);
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
#endif /* OPENSSL_HEADER_SSL_INTERNAL_H */