Address review comments
diff --git a/ChangeLog b/ChangeLog
index e9dc52c..796ff22 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,10 +38,10 @@
ServerHello.
* Add new configuration option MBEDTLS_SSL_PROTO_NO_TLS that enables code
size savings in configurations where only DTLS is used.
- * Add new configuration option MBEDTLS_SSL_SESSION_CACHE that can be used
- to enable/disable cache based session resumption
- * Add new configuration option MBEDTLS_SSL_SESSION_RESUMPTION that can be
- used to enable/disable session resumption feature entirely.
+ * Add new configuration option MBEDTLS_SSL_NO_SESSION_CACHE that can be used
+ to disable cache based session resumption
+ * Add new configuration option MBEDTLS_SSL_NO_SESSION_RESUMPTION that can be
+ used to disable session resumption feature entirely.
API Changes
* Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
diff --git a/configs/baremetal.h b/configs/baremetal.h
index cd0202e..b8bf3e0 100644
--- a/configs/baremetal.h
+++ b/configs/baremetal.h
@@ -71,8 +71,8 @@
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#define MBEDTLS_SSL_SESSION_CACHE
-#define MBEDTLS_SSL_SESSION_RESUMPTION
+#define MBEDTLS_SSL_NO_SESSION_CACHE
+#define MBEDTLS_SSL_NO_SESSION_RESUMPTION
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_PROTO_NO_TLS
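Review bot: Swapping `MBEDTLS_SSL_SESSION_CACHE`/`MBEDTLS_SSL_SESSION_RESUMPTION` for their `NO_` counterparts here is not a rename: it flips this configuration from resumption enabled to resumption disabled. If that is the intended code-size trade-off for the baremetal profile, the commit message should say so. If it is not, the two added `#define` lines should simply be dropped, so that the features stay enabled under the new negative-option scheme.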
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 27dd8aa..030236a 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -671,10 +671,14 @@
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
#endif
-#if ( defined(MBEDTLS_SSL_SESSION_TICKETS) || \
- defined(MBEDTLS_SSL_SESSION_CACHE) ) && \
- !defined(MBEDTLS_SSL_SESSION_RESUMPTION)
-#error "MBEDTLS_SSL_SESSION_TICKETS/MBEDTLS_SSL_SESSION_CACHE cannot be defined without MBEDTLS_SSL_SESSION_RESUMPTION"
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+#error "MBEDTLS_SSL_SESSION_TICKETS cannot be defined with MBEDTLS_SSL_NO_SESSION_RESUMPTION"
+#endif
+
+#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE) && \
+ defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+#error "MBEDTLS_NO_SESSION_CACHE needs to be defined with MBEDTLS_SSL_NO_SESSION_RESUMPTION"
#endif
#if defined(MBEDTLS_THREADING_PTHREAD)
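Review bot: The second `#error` string names `MBEDTLS_NO_SESSION_CACHE`, which is not the option's name because the `SSL_` prefix is missing. A user who hits this check and searches config.h for the macro in the message will not find it. Suggested text: `#error "MBEDTLS_SSL_NO_SESSION_CACHE needs to be defined with MBEDTLS_SSL_NO_SESSION_RESUMPTION"`.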
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index cfb2094..5f2028a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1664,34 +1664,60 @@
* tickets, including authenticated encryption and key management. Example
* callbacks are provided by MBEDTLS_SSL_TICKET_C.
*
- * Requires: MBEDTLS_SSL_SESSION_RESUMPTION
+ * Requires: !MBEDTLS_SSL_NO_SESSION_RESUMPTION
*
* Comment this macro to disable support for SSL session tickets
*/
-#define MBEDTLS_SSL_SESSION_TICKETS
+//#define MBEDTLS_SSL_SESSION_TICKETS
/**
- * \def MBEDTLS_SSL_SESSION_CACHE
+ * \def MBEDTLS_SSL_NO_SESSION_CACHE
*
- * Enable support for cache based session resumption.
+ * Disable support for cache based session resumption.
*
- * Requires: MBEDTLS_SSL_SESSION_RESUMPTION
+ * This option is only about the server-side support of the session caches.
+ * Client will only need the MBEDTLS_SSL_SESSION_RESUMPTION to support
+ * cache based session resumption.
*
- * Comment this macro to disable support for SSL session cache
+ * Server-side, you also need to provide callbacks for storing and reading
+ * sessions from cache. Example callbacks are provided by MBEDTLS_SSL_CACHE_C.
+ *
+ * If MBEDTLS_SSL_NO_SESSION_RESUMPTION is defined, this needs to be defined
+ * as well.
+ *
+ * Uncomment this macro to disable support for SSL session cache
*/
-#define MBEDTLS_SSL_SESSION_CACHE
+#define MBEDTLS_SSL_NO_SESSION_CACHE
/**
- * \def MBEDTLS_SSL_SESSION_RESUMPTION
+ * \def MBEDTLS_SSL_NO_SESSION_RESUMPTION
*
- * Enable support for session resumption. This is the main feature flag and
- * enabling this allow to enable following flags:
- * MBEDTLS_SSL_SESSION_TICKETS
- * MBEDTLS_SSL_SESSION_CACHE
+ * Disable support for session resumption. This is useful in constrained
+ * devices where session resumption isn't used.
*
- * Comment this macro to disable support for SSL session resumption
+ * \note Session resumption is part of the TLS standard, disabling this
+ * option means that the full implementation of the standard is no longer
+ * used. This shouldn't cause any interoperability issues as by the standard
+ * mandates that peers who want to resume a session need to be prepared to
+ * fall back to a full handshake.
+ *
+ * When this flag is enabled, following needs to be true:
+ * MBEDTLS_SSL_NO_SESSION_CACHE enabled
+ * MBEDTLS_SSL_SESSION_TICKETS disabled
+ *
+ * Client-side, this is enough to enable support for cache-based session
+ * resumption (as defined by the TLS standard); for ticket-based resumption
+ * you'll also need to enable MBEDTLS_SSL_SESSION_TICKETS.
+ *
+ * Server-side, this option is only useful in conjunction with at least
+ * one of `!MBEDTLS_SSL_NO_SESSION_CACHE` or `MBEDTLS_SSL_SESSION_TICKETS`.
+ * Each one of these additionally requires an implementation of the cache
+ * or tickets, examples of which are provided by `MBEDTLS_SSL_CACHE_C`
+ * and `MBEDTLS_SSL_TICKETS_C` respectively.
+ *
+ * Uncomment this macro to disable support for SSL session resumption
*/
-#define MBEDTLS_SSL_SESSION_RESUMPTION
+#define MBEDTLS_SSL_NO_SESSION_RESUMPTION
/**
* \def MBEDTLS_SSL_EXPORT_KEYS
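Review bot: The default configuration now has `#define MBEDTLS_SSL_NO_SESSION_CACHE` and `#define MBEDTLS_SSL_NO_SESSION_RESUMPTION` active and `MBEDTLS_SSL_SESSION_TICKETS` commented out, although both new doc blocks end with "Uncomment this macro to disable". A stock build therefore loses session resumption, and the ssl-opt.sh cases gated on `requires_config_disabled` would presumably be skipped. If that is unintended, the lines should read `#define MBEDTLS_SSL_SESSION_TICKETS`, `//#define MBEDTLS_SSL_NO_SESSION_CACHE` and `//#define MBEDTLS_SSL_NO_SESSION_RESUMPTION`. The comments also keep the old polarity: the NO_SESSION_CACHE block still refers to `MBEDTLS_SSL_SESSION_RESUMPTION`, which no longer exists, and the NO_SESSION_RESUMPTION block says "this is enough to enable support for cache-based session resumption" about a macro that disables it. The hunk also spells the ticket module both `MBEDTLS_SSL_TICKET_C` and `MBEDTLS_SSL_TICKETS_C`; one of them should be corrected.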
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4471a24..716f35a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -906,13 +906,13 @@
int (*f_rng)(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
+#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/** Callback to retrieve a session from the cache */
int (*f_get_cache)(void *, mbedtls_ssl_session *);
/** Callback to store a session into the cache */
int (*f_set_cache)(void *, const mbedtls_ssl_session *);
void *p_cache; /*!< context for cache callbacks */
-#endif
+#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
@@ -2131,7 +2131,7 @@
void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
+#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/**
* \brief Set the session cache callbacks (server-side only)
* If not set, no session resuming is done (except if session
@@ -2173,9 +2173,9 @@
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */
+#endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
+#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
/**
* \brief Request resumption of session (client-side only)
* Session data is copied from presented session structure.
@@ -2191,7 +2191,7 @@
* \sa mbedtls_ssl_get_session()
*/
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */
+#endif /* MBEDTLS_SSL_CLI_C && !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
/**
* \brief Load serialized session data into a session structure.
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 4399943..cca71e7 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -509,9 +509,9 @@
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
/*!< premaster secret */
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
int resume; /*!< session resume indicator*/
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
int max_major_ver; /*!< max. major version client*/
int max_minor_ver; /*!< max. minor version client*/
int cli_exts; /*!< client extension presence*/
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 710ffa4..3b7e722 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -888,9 +888,9 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
ssl->handshake->resume == 0 )
-#else /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#else /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
0 )
#endif
{
@@ -1803,8 +1803,8 @@
/*
* Check if the session can be resumed
*/
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- if( ssl->handshake->resume == 0 || n == 0 ||
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+ if( n == 0 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
@@ -1812,22 +1812,8 @@
ssl->session_negotiate->compression != comp ||
ssl->session_negotiate->id_len != n ||
memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
- {
- ssl->state++;
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
ssl->handshake->resume = 0;
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
-#if defined(MBEDTLS_HAVE_TIME)
- ssl->session_negotiate->start = mbedtls_time( NULL );
-#endif
- ssl->session_negotiate->ciphersuite = i;
- ssl->session_negotiate->compression = comp;
- ssl->session_negotiate->id_len = n;
- memcpy( ssl->session_negotiate->id, buf + 35, n );
- }
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- else
+ if( ssl->handshake->resume == 1 )
{
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
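Review bot: The reworked resumability check is a brace-less `if` whose multi-line condition is threaded through `#if` blocks and whose entire body is the single statement `ssl->handshake->resume = 0;`, directly followed by a second `if`. Please brace it, so that a later edit or a different preprocessor configuration cannot change which statement the condition guards. The new branch also tests `ssl->handshake->resume == 1`, whereas the old code resumed whenever `resume` was non-zero and ssl_tls.c still tests `resume != 0`. Using `if( ssl->handshake->resume != 0 )` here and in the matching ssl_srv.c hunk would keep the previous behaviour for any non-zero value. With that in place, the `ssl->handshake->resume = 0;` retained in the `else` branch of the next hunk looks redundant. The enclosing function starts and ends outside this hunk.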
@@ -1839,12 +1825,26 @@
return( ret );
}
}
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+ else
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
+ {
+ ssl->state++;
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+ ssl->handshake->resume = 0;
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
+#if defined(MBEDTLS_HAVE_TIME)
+ ssl->session_negotiate->start = mbedtls_time( NULL );
+#endif
+ ssl->session_negotiate->ciphersuite = i;
+ ssl->session_negotiate->compression = comp;
+ ssl->session_negotiate->id_len = n;
+ memcpy( ssl->session_negotiate->id, buf + 35, n );
+ }
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index a76ce16..7786186 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2637,7 +2637,7 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
+#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/*
* Resume is 0 by default, see ssl_handshake_init().
* It may be already set to 1 by ssl_parse_session_ticket_ext().
@@ -2654,11 +2654,25 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
ssl->handshake->resume = 1;
}
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
+#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- if( ssl->handshake->resume == 0 )
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+ if( ssl->handshake->resume == 1 )
+ {
+ /*
+ * Resuming a session
+ */
+ n = ssl->session_negotiate->id_len;
+ ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
+
+ if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
{
/*
* New session, create a new session id,
@@ -2685,22 +2699,6 @@
return( ret );
}
}
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- else
- {
- /*
- * Resuming a session
- */
- n = ssl->session_negotiate->id_len;
- ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
-
- if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
- return( ret );
- }
- }
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
/*
* 38 . 38 session id length
@@ -2716,10 +2714,10 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 420eba2..316d537 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1263,13 +1263,13 @@
(void) ssl;
#endif
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( handshake->resume != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
return( 0 );
}
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
handshake->pmslen );
@@ -7275,9 +7275,9 @@
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
+#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
int resume = ssl->handshake->resume;
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
+#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
@@ -7306,7 +7306,7 @@
ssl->session = ssl->session_negotiate;
ssl->session_negotiate = NULL;
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
+#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/*
* Add cache entry
*/
@@ -7317,7 +7317,7 @@
if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
}
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
+#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
@@ -7366,7 +7366,7 @@
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
/*
* In case of session resuming, invert the client and server
* ChangeCipherSpec messages order.
@@ -7383,7 +7383,7 @@
#endif
}
else
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
ssl->state++;
/*
@@ -7524,7 +7524,7 @@
memcpy( ssl->peer_verify_data, buf, hash_len );
#endif
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ssl->handshake->resume != 0 )
{
#if defined(MBEDTLS_SSL_CLI_C)
@@ -7537,7 +7537,7 @@
#endif
}
else
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -8162,7 +8162,7 @@
ssl_set_timer( ssl, 0 );
}
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
+#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
@@ -8172,9 +8172,9 @@
conf->f_get_cache = f_get_cache;
conf->f_set_cache = f_set_cache;
}
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */
+#endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
+#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
{
int ret;
@@ -8195,7 +8195,7 @@
return( 0 );
}
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */
+#endif /* MBEDTLS_SSL_CLI_C && !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites )
diff --git a/library/version_features.c b/library/version_features.c
index 7deb417..8bc42e3 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -513,12 +513,12 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
"MBEDTLS_SSL_SESSION_TICKETS",
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
- "MBEDTLS_SSL_SESSION_CACHE",
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- "MBEDTLS_SSL_SESSION_RESUMPTION",
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#if defined(MBEDTLS_SSL_NO_SESSION_CACHE)
+ "MBEDTLS_SSL_NO_SESSION_CACHE",
+#endif /* MBEDTLS_SSL_NO_SESSION_CACHE */
+#if defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+ "MBEDTLS_SSL_NO_SESSION_RESUMPTION",
+#endif /* MBEDTLS_SSL_NO_SESSION_RESUMPTION */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
"MBEDTLS_SSL_EXPORT_KEYS",
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 799da9a..6566bae 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -236,11 +236,11 @@
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
-#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
+#if defined(MBEDTLS_SSL_CACHE_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
-#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */
+#endif /* MBEDTLS_SSL_CACHE_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 5a1f69e..7e84d5c 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -1410,21 +1410,21 @@
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
- if( strcmp( "MBEDTLS_SSL_SESSION_CACHE", config ) == 0 )
+#if defined(MBEDTLS_SSL_NO_SESSION_CACHE)
+ if( strcmp( "MBEDTLS_SSL_NO_SESSION_CACHE", config ) == 0 )
{
- MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_CACHE );
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_NO_SESSION_CACHE );
return( 0 );
}
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
+#endif /* MBEDTLS_SSL_NO_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- if( strcmp( "MBEDTLS_SSL_SESSION_RESUMPTION", config ) == 0 )
+#if defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+ if( strcmp( "MBEDTLS_SSL_NO_SESSION_RESUMPTION", config ) == 0 )
{
- MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_RESUMPTION );
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_NO_SESSION_RESUMPTION );
return( 0 );
}
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* MBEDTLS_SSL_NO_SESSION_RESUMPTION */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 )
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a3f5d60..dd194f3 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2545,14 +2545,14 @@
}
}
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
-ret );
goto exit;
}
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 005d3e8..5052435 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -224,11 +224,11 @@
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
-#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
+#if defined(MBEDTLS_SSL_CACHE_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
-#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */
+#endif /* MBEDTLS_SSL_CACHE_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4049a27..3f11328 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2527,11 +2527,11 @@
if( opt.cache_timeout != -1 )
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
+#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
+#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 78e123c..63fbea2 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -683,17 +683,17 @@
}
component_test_no_resumption () {
- msg "build: Default + !MBEDTLS_SSL_SESSION_RESUMPTION (ASan build)" # ~ 6 min
+ msg "build: Default + MBEDTLS_SSL_NO_SESSION_RESUMPTION (ASan build)" # ~ 6 min
scripts/config.pl unset MBEDTLS_SSL_SESSION_TICKETS
- scripts/config.pl unset MBEDTLS_SSL_SESSION_CACHE
- scripts/config.pl unset MBEDTLS_SSL_SESSION_RESUMPTION
+ scripts/config.pl set MBEDTLS_SSL_NO_SESSION_CACHE
+ scripts/config.pl set MBEDTLS_SSL_NO_SESSION_RESUMPTION
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
- msg "test: !MBEDTLS_SSL_SESSION_RESUMPTION - main suites (inc. selftests) (ASan build)" # ~ 50s
+ msg "test: MBEDTLS_SSL_NO_SESSION_RESUMPTION - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
- msg "test: !MBEDTLS_SSL_SESSION_RESUMPTION - ssl-opt.sh (ASan build)" # ~ 6 min
+ msg "test: MBEDTLS_SSL_NO_SESSION_RESUMPTION - ssl-opt.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/ssl-opt.sh
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a3c189d..0dd9a87 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -916,7 +916,7 @@
# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
run_test "Default" \
"$P_SRV debug_level=3" \
- "$P_CLI debug_level=3" \
+ "$P_CLI" \
0 \
-s "Protocol is TLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
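Review bot: Dropping `debug_level=3` from the client command of the "Default" test is unrelated to the option rename and is not explained in the commit message. The assertions visible in this hunk are all server-side (`-s`), but the `run_test` call continues outside the hunk, and any `-c` pattern there that relies on client debug output would stop matching. Either restore `"$P_CLI debug_level=3" \` or move this change into its own commit with a rationale.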
@@ -2206,7 +2206,7 @@
# Tests for Session Tickets
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: basic" \
"$P_SRV debug_level=3 tickets=1" \
@@ -2222,7 +2222,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: cache disabled" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
@@ -2238,7 +2238,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: timeout" \
"$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
@@ -2254,7 +2254,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: session copy" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
@@ -2270,7 +2270,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: openssl server" \
"$O_SRV" \
@@ -2281,7 +2281,7 @@
-c "parse new session ticket" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: openssl client" \
"$P_SRV debug_level=3 tickets=1" \
@@ -2297,7 +2297,7 @@
# Tests for Session Tickets with DTLS
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: basic" \
"$P_SRV debug_level=3 dtls=1 tickets=1" \
@@ -2313,7 +2313,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: cache disabled" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
@@ -2329,7 +2329,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: timeout" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
@@ -2345,7 +2345,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: session copy" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
@@ -2361,7 +2361,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: openssl server" \
"$O_SRV -dtls1" \
@@ -2372,7 +2372,7 @@
-c "parse new session ticket" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
@@ -2388,9 +2388,9 @@
# Tests for Session Resume based on session-ID and cache
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: tickets enabled on client" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2405,9 +2405,9 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: tickets enabled on server" \
"$P_SRV debug_level=3 tickets=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -2422,8 +2422,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: cache_max=0" \
"$P_SRV debug_level=3 tickets=0 cache_max=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -2433,8 +2433,8 @@
-S "a session has been resumed" \
-C "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: cache_max=1" \
"$P_SRV debug_level=3 tickets=0 cache_max=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -2444,8 +2444,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: timeout > delay" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
@@ -2455,8 +2455,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: timeout < delay" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -2466,8 +2466,8 @@
-S "a session has been resumed" \
-C "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: no timeout" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -2477,8 +2477,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: session copy" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
@@ -2488,8 +2488,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: openssl client" \
"$P_SRV debug_level=3 tickets=0" \
"( $O_CLI -sess_out $SESSION; \
@@ -2502,8 +2502,8 @@
-S "session successfully restored from ticket" \
-s "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache: openssl server" \
"$O_SRV" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -2514,9 +2514,9 @@
# Tests for Session Resume based on session-ID and cache, DTLS
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: tickets enabled on client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
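Review bot: The `requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION` line added ahead of `requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS` looks redundant. The check_config.h change in this same commit appears to reject any configuration that defines both options, so once the tickets guard passes the resumption guard can never skip. The same pairing recurs in the hunks at `@@ -2531`, `@@ -8074` and `@@ -8091`. Either drop the redundant line in those four places, or keep it and say why with a comment such as `# explicit for readability; SESSION_TICKETS already implies resumption is enabled`, so the mixed enabled/disabled guards are easier to read.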
@@ -2531,9 +2531,9 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: tickets enabled on server" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -2548,8 +2548,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: cache_max=0" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -2559,8 +2559,8 @@
-S "a session has been resumed" \
-C "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: cache_max=1" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -2570,8 +2570,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: timeout > delay" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
@@ -2581,8 +2581,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: timeout < delay" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -2592,8 +2592,8 @@
-S "a session has been resumed" \
-C "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: no timeout" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -2603,8 +2603,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: session copy" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
@@ -2614,8 +2614,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"( $O_CLI -dtls1 -sess_out $SESSION; \
@@ -2628,8 +2628,8 @@
-S "session successfully restored from ticket" \
-s "a session has been resumed"
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "Session resume using cache, DTLS: openssl server" \
"$O_SRV -dtls1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -8074,9 +8074,9 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "DTLS proxy: 3d, min handshake, resumption" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8091,9 +8091,9 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_SESSION_RESUMPTION
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SESSION_CACHE
+requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \