Remove ciphersuite from SSL session if single suite hardcoded
If MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled, the type
mbedtls_ssl_ciphersuite_handle_t
is logically a boolean (concretely realized as `unsigned char`),
containing the invalid handle and the unique valid handle, which
represents the single enabled ciphersuite.
The SSL session structure mbedtls_ssl_session contains an instance
of mbedtls_ssl_ciphersuite_handle_t which is guaranteed to be valid,
and which is hence redundant in any two-valued implementation of
mbedtls_ssl_ciphersuite_handle_t.
This commit replaces read-uses of
mbedtls_ssl_session::ciphersuite_info
by a getter functions which, and defines this getter function
either by just reading the field from the session structure
(in case MBEDTLS_SSL_SINGLE_CIPHERSUITE is disabled), or by
returning the single valid ciphersuite handle (in case
MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled) and removing the
field from mbedtls_ssl_session in this case.
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 62a0a29..bcc2f59 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -84,10 +84,13 @@
continue;
#endif
- if( session->ciphersuite != entry->session.ciphersuite ||
+ if( mbedtls_ssl_session_get_ciphersuite( session ) !=
+ mbedtls_ssl_session_get_ciphersuite( &entry->session ) ||
session->compression != entry->session.compression ||
session->id_len != entry->session.id_len )
+ {
continue;
+ }
if( memcmp( session->id, entry->session.id,
entry->session.id_len ) != 0 )