Session ticket expiration checked on server
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 6fa95c4..22faf04 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -1332,6 +1332,7 @@
// SSL options
//
#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
+#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
#endif /* POLARSSL_CONFIG_OPTIONS */
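Review bot: The comment on `SSL_DEFAULT_TICKET_LIFETIME` does not state the unit, and the same gap exists where the value is defined a second time in `include/polarssl/ssl.h` under `#if !defined(POLARSSL_CONFIG_OPTIONS)`. I would write `/**< Lifetime of session tickets in seconds (if enabled) */` in both places so the two definitions stay readable and in step. This lifetime bounds how long an issued ticket is accepted for resumption. It presumably does not bound how long the ticket protection key stays in use, which is not visible in this diff, so the comment could also say where key lifetime is controlled.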
diff --git a/include/polarssl/error.h b/include/polarssl/error.h
index 48de009..45a6640 100644
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@@ -84,7 +84,7 @@
* ECP 4 4 (Started from top)
* MD 5 4
* CIPHER 6 5
- * SSL 6 4 (Started from top)
+ * SSL 6 5 (Started from top)
* SSL 7 31
*
* Module dependent error code (5 bits 0x.08.-0x.F8.)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index f45d00e..ed11e1e 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -109,6 +109,7 @@
#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */
#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
+#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
/*
@@ -158,6 +159,10 @@
#define SSL_SESSION_TICKETS_DISABLED 0
#define SSL_SESSION_TICKETS_ENABLED 1
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
+
/*
* Size of the input / output buffer.
* Note: the RFC defines the default size of SSL / TLS messages. If you
@@ -592,7 +597,10 @@
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
int trunc_hmac; /*!< negotiate truncated hmac? */
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
int session_tickets; /*!< use session tickets? */
+ int ticket_lifetime; /*!< session ticket lifetime */
+#endif
#if defined(POLARSSL_DHM_C)
mpi dhm_P; /*!< prime modulus for DHM */
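Review bot: `ticket_lifetime` is a signed `int` with no documented unit or valid range, so zero or a negative value can be stored and the header does not say what the server's expiry check does with it. The setter added in the later hunk of this file, `ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime )`, returns `void` and so cannot reject such a value. At minimum, document the contract in both places: `int ticket_lifetime; /*!< session ticket lifetime in seconds (must be > 0) */` and `\param lifetime session ticket lifetime in seconds (must be > 0)`. If a non-positive lifetime is meant to have a meaning, such as tickets expiring immediately, state it explicitly. The struct definition starts and ends outside this hunk.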
@@ -1065,6 +1073,15 @@
* or a specific error code (server only).
*/
int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
+
+/**
+ * \brief Set session ticket lifetime (server only)
+ * (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
+ *
+ * \param ssl SSL context
+ * \param lifetime session ticket lifetime
+ */
+void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
#endif /* POLARSSL_SSL_SESSION_TICKETS */
/**