Notice that find_stored_session doesn't actually return anything. If it finds an entry corresponding to the request session, it updates the TLSParameters structure with the corresponding master secret and continues on. It's up to the caller to check to see if the TLSParameters structure was updated or not.
Modifying parse_client_hello to Recognize Session Resumption Requests
To make use of these new functions, parse_client_hello must first be modified to check to see if the client is attempting a renegotiation, as shown in Listing 8-14.
Listing 8-14: “tls.c” parse_client_hello with session resumption support
static char *parse_client_hello( char *read_pos,
                                 int pdu_length,
                                 TLSParameters *parameters )
{
  …
  free( hello.compression_methods );
  if ( hello.session_id_length > 0 )
  {
    find_stored_session( hello.session_id_length, hello.session_id,
                         parameters );
  }
  if ( hello.session_id )
This just invokes find_stored_session if the client passes a session ID in. If the requested session ID is found, the parameters structure now contains the master secret and the session ID that has been found. If not, nothing is done and the handshake should continue as if no session ID had been suggested. An unrecognized session ID is not necessarily an error: the client could just be trying to resume an old session.
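The caller-side check described above, as an added example that is not one of the book's listings: the hypothetical demo_session, demo_find_session and demo_should_resume stand in for TLSParameters, find_stored_session and the caller's test, and the cache holds one constructed entry. It bounds the length taken from the ClientHello and clears the connection state before the lookup, so a miss falls back to a full handshake with no leftover master secret.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SESSION_ID_LEN 32  /* TLS caps a session ID at 32 bytes */
#define MASTER_SECRET_LEN  48
#define CACHE_SLOTS        4

/* Hypothetical type (an assumption): a cache entry and the resumed-session state. */
typedef struct {
    int id_len;                                   /* 0 = empty slot / not resumed */
    unsigned char id[MAX_SESSION_ID_LEN];
    unsigned char master_secret[MASTER_SECRET_LEN];
} demo_session;
static demo_session cache[CACHE_SLOTS];

/* Constructed sample entry: 4-byte ID 01 02 03 04, master secret of 0xAB bytes. */
static void demo_seed_cache(void) {
    memset(cache, 0, sizeof cache);
    cache[0].id_len = 4;
    memcpy(cache[0].id, "\x01\x02\x03\x04", 4);
    memset(cache[0].master_secret, 0xAB, MASTER_SECRET_LEN);
}

/* Returns nothing, like the lookup in the text: a hit only updates *conn. */
static void demo_find_session(int id_len, const unsigned char *id, demo_session *conn) {
    if (id == NULL || id_len <= 0 || id_len > MAX_SESSION_ID_LEN)
        return;                                   /* length comes off the wire */
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].id_len == id_len && memcmp(cache[i].id, id, id_len) == 0) {
            *conn = cache[i];                     /* copies ID and master secret */
            return;
        }
}

/* Caller's check: 1 = shortened handshake, 0 = full handshake (a miss is no error). */
static int demo_should_resume(int id_len, const unsigned char *id, demo_session *conn) {
    memset(conn, 0, sizeof *conn);                /* no stale secret survives a miss */
    demo_find_session(id_len, id, conn);
    return conn->id_len > 0;
}

int main(void) {
    demo_session conn;
    demo_seed_cache();
    printf("known id   -> %d\n", demo_should_resume(4, (const unsigned char *)"\x01\x02\x03\x04", &conn));
    printf("unknown id -> %d\n", demo_should_resume(4, (const unsigned char *)"\x09\x09\x09\x09", &conn));
    return 0;
}
```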
Correspondingly, tls_accept must be updated to check this condition and perform the shortened handshake if the client is resuming, as in Listing 8-15.
Listing 8-15: “tls.c” tls_accept with session resumption support
int tls_accept( int connection,
                TLSParameters *parameters )
{
  …
  parameters->got_client_hello = 0;
  while ( !parameters->got_client_hello )
  {
    if ( receive_tls_msg( connection, NULL, 0, parameters ) < 0 )
    {
(Continued)