Add tests for session ticket lifetime
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index a95bcad..81027a6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -69,6 +69,7 @@
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
+#define DFL_TICKET_TIMEOUT -1
#define DFL_CACHE_MAX -1
#define DFL_CACHE_TIMEOUT -1
@@ -112,6 +113,7 @@
int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */
int tickets; /* enable / disable session tickets */
+ int ticket_timeout; /* session ticket lifetime */
int cache_max; /* max number of session cache entries */
int cache_timeout; /* expiration delay of session cache entries */
} opt;
@@ -161,7 +163,8 @@
#if defined(POLARSSL_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \
- " tickets=%%d default: 1 (enabled)\n"
+ " tickets=%%d default: 1 (enabled)\n" \
+ " ticket_timeout=%%d default: ticket default (1d)\n"
#else
#define USAGE_TICKETS ""
#endif /* POLARSSL_SSL_SESSION_TICKETS */
@@ -320,6 +323,7 @@
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
opt.tickets = DFL_TICKETS;
+ opt.ticket_timeout = DFL_TICKET_TIMEOUT;
opt.cache_max = DFL_CACHE_MAX;
opt.cache_timeout = DFL_CACHE_TIMEOUT;
@@ -471,6 +475,12 @@
if( opt.tickets < 0 || opt.tickets > 1 )
goto usage;
}
+ else if( strcmp( p, "ticket_timeout" ) == 0 )
+ {
+ opt.ticket_timeout = atoi( q );
+ if( opt.ticket_timeout < 0 )
+ goto usage;
+ }
else if( strcmp( p, "cache_max" ) == 0 )
{
opt.cache_max = atoi( q );
@@ -765,6 +775,9 @@
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_set_session_tickets( &ssl, opt.tickets );
+
+ if( opt.ticket_timeout != -1 )
+ ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
#endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ac38f04..0042561 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -104,7 +104,7 @@
run_test "Session resume using tickets #1" \
"debug_level=4 tickets=1" \
- "debug_level=4 reconnect=1 tickets=1" \
+ "debug_level=4 tickets=1 reconnect=1" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
@@ -118,7 +118,35 @@
run_test "Session resume using tickets #2" \
"debug_level=4 tickets=1 cache_max=0" \
- "debug_level=4 reconnect=1 tickets=1" \
+ "debug_level=4 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+run_test "Session resume using tickets #3" \
+ "debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
+ "debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -S "a session has been resumed" \
+ -C "a session has been resumed"
+
+run_test "Session resume using tickets #4" \
+ "debug_level=4 tickets=1 cache_max=0 ticket_timeout=2" \
+ "debug_level=4 tickets=1 reconnect=1 reco_delay=0" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \