commit bef8f09899002394b21d20cf03c848f3b2c07cee
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Jul 23 23:40:29 2014 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:30:19 2014 +0200
tree 60498253addb21ba832129f8d839dd3086604d1c
parent e90308178fcdc95da36e6ab783794ddc0064721f

Make cookie timeout configurable

include/polarssl/config.h

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index abca55f..b13a407 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -2201,6 +2201,7 @@
 //#define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
 //#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define POLARSSL_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define POLARSSL_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
 
 /**
  * Complete list of ciphersuites to use, in order of preference.

include/polarssl/ssl_cookie.h

diff --git a/include/polarssl/ssl_cookie.h b/include/polarssl/ssl_cookie.h
index 7db00c2..9a71443 100644
--- a/include/polarssl/ssl_cookie.h
+++ b/include/polarssl/ssl_cookie.h
@@ -36,6 +36,9 @@
  * Either change them in config.h or define them on the compiler command line.
  * \{
  */
+#ifndef POLARSSL_SSL_COOKIE_TIMEOUT
+#define POLARSSL_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+#endif
 
 /* \} name SECTION: Module settings */
 
@@ -48,10 +51,13 @@
  */
 typedef struct
 {
-    md_context_t    hmac_ctx;       /*!< context for the HMAC portion   */
+    md_context_t    hmac_ctx;   /*!< context for the HMAC portion   */
 #if !defined(POLARSSL_HAVE_TIME)
-    unsigned long   serial;         /*!< serial number for expiration   */
+    unsigned long   serial;     /*!< serial number for expiration   */
 #endif
+    unsigned long   timeout;    /*!< timeout delay, in seconds if HAVE_TIME,
+                                     or in number of tickets issued */
+
 } ssl_cookie_ctx;
 
 /**
@@ -67,6 +73,17 @@
                       void *p_rng );
 
 /**
+ * \brief          Set expiration delay for cookies
+ *                 (Default POLARSSL_SSL_COOKIE_TIMEOUT)
+ *
+ * \param ctx      Cookie contex
+ * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
+ *                 issued in the meantime.
+ *                 0 to disable expiration (NOT recommended)
+ */
+void ssl_cookie_set_timeout( ssl_cookie_ctx *ctx, unsigned long delay );
+
+/**
  * \brief          Free cookie context
  */
 void ssl_cookie_free( ssl_cookie_ctx *ctx );