static int new_client_session_cb(SSL *ssl, SSL_SESSION *session) { const char *myname = "new_client_session_cb"; TLS_SESS_STATE *TLScontext; VSTRING *session_data; /* * The cache name (if caching is enabled in tlsmgr(8)) and the cache ID * string for this session are stored in the TLScontext. It cannot be * null at this point. */ if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) msg_panic("%s: null TLScontext in new session callback", myname); /* * We only get here if the cache_type is not empty. This callback is not * set unless caching is enabled and the cache_type is stored in the * server SSL context. */ if (TLScontext->cache_type == 0) msg_panic("%s: null session cache type in new session callback", myname); if (TLScontext->log_mask & TLS_LOG_CACHE) /* serverid already contains namaddrport information */ msg_info("save session %s to %s cache", TLScontext->serverid, TLScontext->cache_type); #if (OPENSSL_VERSION_NUMBER < 0x00906011L) || (OPENSSL_VERSION_NUMBER == 0x00907000L) /* * Ugly Hack: OpenSSL before 0.9.6a does not store the verify result in * sessions for the client side. We modify the session directly which is * version specific, but this bug is version specific, too. * * READ: 0-09-06-01-1 = 0-9-6-a-beta1: all versions before beta1 have this * bug, it has been fixed during development of 0.9.6a. The development * version of 0.9.7 can have this bug, too. It has been fixed on * 2000/11/29. */ session->verify_result = SSL_get_verify_result(TLScontext->con); #endif /* * Passivate and save the session object. Errors are non-fatal, since * caching is only an optimization. */ if ((session_data = tls_session_passivate(session)) != 0) { tls_mgr_update(TLScontext->cache_type, TLScontext->serverid, STR(session_data), LEN(session_data)); vstring_free(session_data); } /* * Clean up. */ SSL_SESSION_free(session); /* 200502 */ return (1); }
static int new_server_session_cb(SSL *ssl, SSL_SESSION *session) { const char *myname = "new_server_session_cb"; VSTRING *cache_id; TLS_SESS_STATE *TLScontext; VSTRING *session_data; if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) msg_panic("%s: null TLScontext in new session callback", myname); GEN_CACHE_ID(cache_id, session->session_id, session->session_id_length, TLScontext->serverid); if (TLScontext->log_level >= 2) msg_info("%s: save session %s to %s cache", TLScontext->namaddr, STR(cache_id), TLScontext->cache_type); /* * Passivate and save the session state. */ session_data = tls_session_passivate(session); if (session_data) tls_mgr_update(TLScontext->cache_type, STR(cache_id), STR(session_data), LEN(session_data)); /* * Clean up. */ if (session_data) vstring_free(session_data); vstring_free(cache_id); SSL_SESSION_free(session); /* 200502 */ return (1); }
static int new_client_session_cb(SSL *ssl, SSL_SESSION *session) { const char *myname = "new_client_session_cb"; TLS_SESS_STATE *TLScontext; VSTRING *session_data; /* * The cache name (if caching is enabled in tlsmgr(8)) and the cache ID * string for this session are stored in the TLScontext. It cannot be * null at this point. */ if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) msg_panic("%s: null TLScontext in new session callback", myname); /* * We only get here if the cache_type is not empty. This callback is not * set unless caching is enabled and the cache_type is stored in the * server SSL context. */ if (TLScontext->cache_type == 0) msg_panic("%s: null session cache type in new session callback", myname); if (TLScontext->log_mask & TLS_LOG_CACHE) /* serverid contains transport:addr:port information */ msg_info("save session %s to %s cache", TLScontext->serverid, TLScontext->cache_type); /* * Passivate and save the session object. Errors are non-fatal, since * caching is only an optimization. */ if ((session_data = tls_session_passivate(session)) != 0) { tls_mgr_update(TLScontext->cache_type, TLScontext->serverid, STR(session_data), LEN(session_data)); vstring_free(session_data); } /* * Clean up. */ SSL_SESSION_free(session); /* 200502 */ return (1); }