Cryptography Reference
Notice that find_stored_session doesn't actually return anything. If it finds
an entry corresponding to the request session, it updates the TLSParameters
structure with the corresponding master secret and continues on. It's up to the
caller to check to see if the TLSParameters structure was updated or not.
Modifying parse_client_hello to Recognize Session Resumption Requests
To make use of these new functions, parse_client_hello must first be modified
to check to see if the client is attempting a renegotiation, as shown in Listing 8-14.
Listing 8-14: “tls.c” parse_client_hello with session resumption support
static char *parse_client_hello( char *read_pos,
                                 int pdu_length,
                                 TLSParameters *parameters )
{
  ...
  free( hello.compression_methods );
  if ( hello.session_id_length > 0 )
  {
    find_stored_session( hello.session_id_length, hello.session_id,
      parameters );
  }
  if ( hello.session_id )
  ...
This just invokes find_stored_session if the client passes in a session ID. If
the requested session ID is found, the parameters structure now contains the
master secret and the session ID that was found. If not, nothing is done
and the handshake should continue as if no session ID had been suggested. An
unrecognized session ID is not necessarily an error — the client could just be
trying to resume an old session.
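The caller-side check described above, as an added example that is not code from the book. TLSParameters is reduced to three assumed fields, the one-entry cache is constructed sample data, and try_resume is a hypothetical helper that clears the marker before the lookup so stale state cannot be mistaken for a hit.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SESSION_ID_LENGTH 32
#define MASTER_SECRET_LENGTH  48

/* Simplified stand-in for the book's TLSParameters; field names are assumed. */
typedef struct {
  int session_id_length;               /* 0 = no session resumed */
  unsigned char session_id[ MAX_SESSION_ID_LENGTH ];
  unsigned char master_secret[ MASTER_SECRET_LENGTH ];
} TLSParameters;
/* Constructed sample cache holding one session (entries reuse the same struct). */
static const TLSParameters stored_sessions[] = {
  { 4, { 0xde, 0xad, 0xbe, 0xef }, { 0x11, 0x22, 0x33 } }
};

/* Returns nothing: a hit fills in *parameters, a miss leaves it untouched. */
static void find_stored_session( int session_id_length,
  const unsigned char *session_id, TLSParameters *parameters )
{
  /* Reject lengths the cache could never hold before comparing memory. */
  if ( session_id_length <= 0 || session_id_length > MAX_SESSION_ID_LENGTH )
    return;
  for ( size_t i = 0; i < sizeof stored_sessions / sizeof stored_sessions[ 0 ]; i++ )
  {
    const TLSParameters *s = &stored_sessions[ i ];
    if ( s->session_id_length == session_id_length &&
         !memcmp( s->session_id, session_id, session_id_length ) )
    {
      *parameters = *s;   /* copies session ID and master secret */
      return;
    }
  }
}

/* Caller-side check: clear the marker, look up, then test the marker. */
static int try_resume( int id_length, const unsigned char *id, TLSParameters *parameters )
{
  parameters->session_id_length = 0;   /* stale state must not read as a hit */
  find_stored_session( id_length, id, parameters );
  return parameters->session_id_length > 0;
}

int main( void )
{
  const unsigned char known[] = { 0xde, 0xad, 0xbe, 0xef }, unknown[] = { 1, 2, 3, 4 };
  TLSParameters p;
  printf( "known=%d ", try_resume( 4, known, &p ) );
  printf( "unknown=%d\n", try_resume( 4, unknown, &p ) );
  return 0;
}
```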
Correspondingly, tls_accept must be updated to check this condition and
perform the shortened handshake if the client is resuming, as in Listing 8-15.
Listing 8-15: “tls.c” tls_accept with session resumption support
int tls_accept( int connection,
                TLSParameters *parameters )
{
  parameters->got_client_hello = 0;
  while ( !parameters->got_client_hello )
  {
    if ( receive_tls_msg( connection, NULL, 0, parameters ) < 0 )
    {
(Continued)