}
package.cipher_suites_length = htons( 2 );
If the client supports any extensions, it re-sends them here. This is important if
the session ID is not recognized and the server starts a new handshake: the server needs
to be able to see all of the original extensions. Of course, if the client negotiated
an extension the first time around, you should assume it's still in effect if the
session is resumed.
Testing Session Resumption
You must update parse_server_hello, of course, to store the session ID assigned
by the server as shown in Listing 8-7.
Listing 8-7: “tls.c” parse_server_hello with session ID support
memcpy( ( void * ) ( parameters->server_random + 4 ), ( void * )
hello.random.random_bytes, 28 );
parameters->session_id_length = hello.session_id_length;
memcpy( parameters->session_id, hello.session_id, hello.session_id_length );
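As an added example (not the book's code), the following models the two checks a client should make around the memcpy above: the session_id_length it copies comes from the peer and must be capped at 32 bytes, and resumption is confirmed only when the server echoes exactly the ID the client offered. The `hello_session` struct and `build_server_hello` helper are assumptions for this example; the ServerHello bytes are constructed sample data.

```c
#include <stdint.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32   /* RFC 5246: SessionID is <0..32> bytes */

/* Hypothetical result struct (not the book's parameters struct). */
typedef struct {
  uint8_t session_id_length;
  uint8_t session_id[TLS_MAX_SESSION_ID];
  int     resumed;   /* 1 if the server echoed the ID we offered */
} hello_session;

/* Build a minimal ServerHello body from constructed sample data:
 * version(2) random(32) sid_len(1) sid(sid_len) suite(2) compression(1). */
int build_server_hello(uint8_t *out, const uint8_t *sid, uint8_t sid_len)
{
  size_t pos = 0;
  out[pos++] = 0x03; out[pos++] = 0x01;        /* TLS 1.0 */
  memset(out + pos, 0x42, 32); pos += 32;      /* fixed fake server random */
  out[pos++] = sid_len;
  memcpy(out + pos, sid, sid_len); pos += sid_len;
  out[pos++] = 0x00; out[pos++] = 0x2f;        /* TLS_RSA_WITH_AES_128_CBC_SHA */
  out[pos++] = 0x00;                           /* null compression */
  return (int)pos;
}

/* Parse the session ID out of a ServerHello body and decide whether the
 * server accepted resumption. Returns bytes consumed, or -1 if the message
 * is truncated or session_id_length exceeds 32 (never memcpy a length the
 * peer chose into a fixed 32-byte buffer without this check). */
int parse_server_hello_session(const uint8_t *buf, size_t len,
                               const uint8_t *offered, size_t offered_len,
                               hello_session *out)
{
  size_t pos = 2 + 32;                         /* skip version and random */
  if (len < pos + 1) return -1;
  uint8_t sid_len = buf[pos++];
  if (sid_len > TLS_MAX_SESSION_ID || len < pos + sid_len + 3) return -1;
  out->session_id_length = sid_len;
  memcpy(out->session_id, buf + pos, sid_len);
  pos += sid_len;
  /* Resumption only when the server echoes exactly the offered ID; a new or
   * empty ID means the cache missed and a full handshake follows. */
  out->resumed = (offered_len != 0 && sid_len == offered_len &&
                  memcmp(out->session_id, offered, sid_len) == 0);
  return (int)(pos + 3);
}
```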
Go ahead and expand the https example from Listing 6-2 to allow the user to
pass in a session ID/master secret combination from a prior session for resumption.
The session ID is unique to the target server. If you try to pass a session ID
to a different server, the session ID will almost certainly not be recognized, and
if it is, you don't know what the master secret was, so the session resumption
fails when the server tries to verify your finished message. The modified https
example is shown in Listing 8-8.
Listing 8-8: “https.c” main routine with session resumption
int main( int argc, char *argv[ ] )
{
int master_secret_length;
unsigned char *master_secret;
int session_id_length;
unsigned char *session_id;
proxy_host = proxy_user = proxy_password = host = path =
session_id = master_secret = NULL;
session_id_length = master_secret_length = 0;
for ( ind = 1; ind < ( argc - 1 ); ind++ )
{
if ( !strcmp( "-p", argv[ ind ] ) )
{
if ( !parse_proxy_param( argv[ ++ind ], &proxy_host, &proxy_port,