Add tests for periodic renegotiation
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8aee54a..f0c4ef1 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -104,6 +104,7 @@
#define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0
#define DFL_RENEGO_DELAY -2
+#define DFL_RENEGO_PERIOD -1
#define DFL_EXCHANGES 1
#define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1
@@ -164,6 +165,7 @@
int allow_legacy; /* allow legacy renegotiation */
int renegotiate; /* attempt renegotiation? */
int renego_delay; /* delay before enforcing renegotiation */
+ int renego_period; /* period for automatic renegotiation */
int exchanges; /* number of data exchanges */
int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */
@@ -303,7 +305,8 @@
#define USAGE_RENEGO \
" renegotiation=%%d default: 0 (disabled)\n" \
" renegotiate=%%d default: 0 (disabled)\n" \
- " renego_delay=%%d default: -2 (library default)\n"
+ " renego_delay=%%d default: -2 (library default)\n" \
+ " renego_period=%%d default: (library default)\n"
#else
#define USAGE_RENEGO ""
#endif
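Review bot: The new `renego_period` usage line does not state the accepted range, although the option parser added later in this commit jumps to `usage` for any value outside 2..255. Someone passing a larger record count gets the help text back with no hint about what was wrong. Putting the limits in the string would fix that, for example `"    renego_period=%%d    default: (library default), range: 2-255\n"`.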
@@ -608,6 +611,9 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ unsigned char renego_period[8] = { 0 };
+#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt cacert;
x509_crt srvcert;
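Review bot: The new local `renego_period[8]` has no comment saying what the eight bytes represent, and it shares its name with the integer option `opt.renego_period`, so the later `renego_period[7] = opt.renego_period;` is easy to misread. A comment on the declaration would help, e.g. `/* 8-byte threshold passed to ssl_set_renegotiation_period(); only the last byte is filled from opt.renego_period */`. The byte order is presumably big-endian to match the record counter, but that is not visible in this diff and should be confirmed against the library header. The enclosing function starts and ends outside the hunk.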
@@ -708,6 +714,7 @@
opt.allow_legacy = DFL_ALLOW_LEGACY;
opt.renegotiate = DFL_RENEGOTIATE;
opt.renego_delay = DFL_RENEGO_DELAY;
+ opt.renego_period = DFL_RENEGO_PERIOD;
opt.exchanges = DFL_EXCHANGES;
opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION;
@@ -806,6 +813,12 @@
{
opt.renego_delay = atoi( q );
}
+ else if( strcmp( p, "renego_period" ) == 0 )
+ {
+ opt.renego_period = atoi( q );
+ if( opt.renego_period < 2 || opt.renego_period > 255 )
+ goto usage;
+ }
else if( strcmp( p, "exchanges" ) == 0 )
{
opt.exchanges = atoi( q );
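Review bot: `atoi( q )` in the new `renego_period` branch accepts trailing garbage, so `renego_period=12abc` passes the range check as 12. A digit string too large for `int` is undefined behaviour before the check even runs. The neighbouring options use `atoi` as well, so this matches the file, but since this is the one option with a hard range, something like `char *end; long v = strtol( q, &end, 10 );` followed by `if( *end != '\0' || v < 2 || v > 255 ) goto usage;` would make the check hold for all input. The upper bound also deserves a short comment such as `/* value is stored in a single byte: renego_period[7] */`, because 255 only makes sense once the reader finds that store further down. The option-parsing loop starts and ends outside the hunk.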
@@ -1325,8 +1338,15 @@
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl_set_renegotiation( &ssl, opt.renegotiation );
+
if( opt.renego_delay != DFL_RENEGO_DELAY )
ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
+
+ if( opt.renego_period != DFL_RENEGO_PERIOD )
+ {
+ renego_period[7] = opt.renego_period;
+ ssl_set_renegotiation_period( &ssl, renego_period );
+ }
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)