/*
 * libwebsockets - small server side websockets and web server implementation
 *
 * Copyright (C) 2010 - 2021 Andy Green <[email protected]>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */
25*1c60b9acSAndroid Build Coastguard Worker #include "private-lib-core.h"
26*1c60b9acSAndroid Build Coastguard Worker 
/*
 * One entry of a vhost's TLS session cache.  Entries live on
 * vh->tls_sessions in LRU -> MRU order (head is pruned first); each entry
 * owns a copy of the mbedtls session and a TTL timer that evicts it.
 */
typedef struct lws_tls_session_cache_mbedtls {
	lws_dll2_t			list;	/* link on vh->tls_sessions */

 	mbedtls_ssl_session		session;	/* owned copy, released in __lws_tls_session_destroy() */
	lws_sorted_usec_list_t		sul_ttl;	/* expiry timer -> lws_tls_session_expiry_cb() */

	/* name is overallocated here */
	/* ie, the NUL-terminated tag string is stored directly after the struct, at &ts[1] */
} lws_tls_scm_t;
35*1c60b9acSAndroid Build Coastguard Worker 
/* session-cache tracing is emitted at info level */
#define lwsl_tlssess lwsl_info
37*1c60b9acSAndroid Build Coastguard Worker 
38*1c60b9acSAndroid Build Coastguard Worker 
39*1c60b9acSAndroid Build Coastguard Worker 
/*
 * Tear down one cached session entry: cancel its TTL timer, release the
 * mbedtls session copy, unlink it from the owning vhost list and free it.
 *
 * ts must currently be linked into a list (the log line dereferences
 * ts->list.owner before the entry is removed).  Caller must hold the vh lock.
 */
static void
__lws_tls_session_destroy(lws_tls_scm_t *ts)
{
	/*
	 * log before freeing: the tag string lives in the overallocation at
	 * &ts[1]; the printed count is what the list holds once we are gone
	 */
	lwsl_tlssess("%s: %s (%u)\n", __func__, (const char *)&ts[1],
				     (unsigned int)(ts->list.owner->count - 1));

	lws_sul_cancel(&ts->sul_ttl);
	mbedtls_ssl_session_free(&ts->session);
	lws_dll2_remove(&ts->list);		/* vh lock */

	lws_free(ts);
}
52*1c60b9acSAndroid Build Coastguard Worker 
/*
 * Return the cached entry whose tag string matches name exactly, or NULL.
 * Linear scan of vh->tls_sessions; both callers hold the vh lock.
 */
static lws_tls_scm_t *
__lws_tls_session_lookup_by_name(struct lws_vhost *vh, const char *name)
{
	struct lws_dll2 *d;

	for (d = lws_dll2_get_head(&vh->tls_sessions); d; d = d->next) {
		lws_tls_scm_t *entry = lws_container_of(d, lws_tls_scm_t, list);

		/* the tag string sits NUL-terminated right after the struct */
		if (strcmp((const char *)&entry[1], name) == 0)
			return entry;
	}

	return NULL;
}
68*1c60b9acSAndroid Build Coastguard Worker 
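/*
 * If possible, reuse an existing, cached session
 *
 * Looks up the cache entry tagged for this wsi and, if there is one, hands
 * its mbedtls session copy to the wsi's ssl context, marks
 * wsi->tls_session_reused and moves the entry to the MRU end of the list.
 * Does nothing when the vhost is missing or has the cache disabled, when no
 * tag can be formed, or when there is no matching entry.
 */
void
lws_tls_reuse_session(struct lws *wsi)
{
	char buf[LWS_SESSION_TAG_LEN];
	mbedtls_ssl_context *msc;
	lws_tls_scm_t *ts;

	if (!wsi->a.vhost ||
	    wsi->a.vhost->options & LWS_SERVER_OPTION_DISABLE_TLS_SESSION_CACHE)
		return;

	lws_context_lock(wsi->a.context, __func__); /* -------------- cx { */
	lws_vhost_lock(wsi->a.vhost); /* -------------- vh { */

	if (lws_tls_session_tag_from_wsi(wsi, buf, sizeof(buf)))
		goto bail;

	ts = __lws_tls_session_lookup_by_name(wsi->a.vhost, buf);
	if (!ts) {
		lwsl_tlssess("%s: no existing session for %s\n", __func__, buf);
		goto bail;
	}

	msc = SSL_mbedtls_ssl_context_from_SSL(wsi->tls.ssl);

	/*
	 * mbedtls_ssl_set_session() validates its inputs and can fail; only
	 * report the connection as resumed, and bump the entry to MRU, when
	 * it actually accepted the cached session.
	 */
	if (mbedtls_ssl_set_session(msc, &ts->session)) {
		lwsl_tlssess("%s: %s: cached session not accepted\n",
			     __func__, (const char *)&ts[1]);
		goto bail;
	}

	lwsl_tlssess("%s: %s\n", __func__, (const char *)&ts[1]);
	wsi->tls_session_reused = 1;

	/* keep our session list sorted in lru -> mru order */

	lws_dll2_remove(&ts->list);
	lws_dll2_add_tail(&ts->list, &wsi->a.vhost->tls_sessions);

bail:
	lws_vhost_unlock(wsi->a.vhost); /* } vh --------------  */
	lws_context_unlock(wsi->a.context); /* } cx --------------  */
}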
112*1c60b9acSAndroid Build Coastguard Worker 
/*
 * Report whether the TLS session on this connection was resumed from the
 * cache.  The flag is read from the wsi returned by lws_get_network_wsi();
 * always 0 when that is NULL or in builds without client support.
 */
int
lws_tls_session_is_reused(struct lws *wsi)
{
#if defined(LWS_WITH_CLIENT)
	struct lws *link = lws_get_network_wsi(wsi);

	return link ? link->tls_session_reused : 0;
#else
	(void)wsi;

	return 0;
#endif
}
127*1c60b9acSAndroid Build Coastguard Worker 
/* lws_dll2_foreach_safe() callback: destroy the cached session entry d is part of */
static int
lws_tls_session_destroy_dll(struct lws_dll2 *d, void *user)
{
	(void)user;

	__lws_tls_session_destroy(lws_container_of(d, lws_tls_scm_t, list));

	return 0;	/* 0: carry on with the walk */
}
137*1c60b9acSAndroid Build Coastguard Worker 
/* Drop every cached session held by this vhost. */
void
lws_tls_session_vh_destroy(struct lws_vhost *vh)
{
	/* the _safe walk is needed: the callback unlinks and frees each entry */
	lws_dll2_foreach_safe(&vh->tls_sessions, NULL, lws_tls_session_destroy_dll);
}
144*1c60b9acSAndroid Build Coastguard Worker 
/*
 * TTL timer callback: the cached session has outlived
 * vh->tls.tls_session_cache_ttl, evict it under the cx and vh locks.
 */
static void
lws_tls_session_expiry_cb(lws_sorted_usec_list_t *sul)
{
	lws_tls_scm_t *expired = lws_container_of(sul, lws_tls_scm_t, sul_ttl);
	/* recover the owning vhost from the list the entry is on, before it is freed */
	struct lws_vhost *vh = lws_container_of(expired->list.owner,
						struct lws_vhost, tls_sessions);
	struct lws_context *cx = vh->context;

	lws_context_lock(cx, __func__); /* -------------- cx { */
	lws_vhost_lock(vh); /* -------------- vh { */

	__lws_tls_session_destroy(expired);

	lws_vhost_unlock(vh); /* } vh --------------  */
	lws_context_unlock(cx); /* } cx --------------  */
}
158*1c60b9acSAndroid Build Coastguard Worker 
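/*
 * Called after SSL_accept on the wsi
 *
 * Capture the negotiated session into the vhost's cache, keyed by the tag
 * lws_tls_session_tag_from_wsi() forms for this connection.  An existing
 * entry with the same tag is refreshed in place and moved to the MRU end;
 * otherwise a new entry is created (pruning the LRU entry first if the cache
 * is already at vh->tls_session_cache_max) and its TTL timer is started.
 *
 * Returns 1 when the session was cached (we then own the session copy and
 * free it ourselves), 0 when the vhost is missing or has the cache disabled,
 * no tag could be formed, or the session could not be captured.
 */
int
lws_tls_session_new_mbedtls(struct lws *wsi)
{
	char buf[LWS_SESSION_TAG_LEN];
	mbedtls_ssl_context *msc;
	struct lws_vhost *vh;
	lws_tls_scm_t *ts;
	size_t nl;
#if !defined(LWS_WITH_NO_LOGS) && defined(_DEBUG)
	const char *disposition = "reuse";
#endif

	vh = wsi->a.vhost;
	/* same guard as lws_tls_reuse_session(): no vhost, or cache disabled */
	if (!vh || (vh->options & LWS_SERVER_OPTION_DISABLE_TLS_SESSION_CACHE))
		return 0;

	if (lws_tls_session_tag_from_wsi(wsi, buf, sizeof(buf)))
		return 0;

	nl = strlen(buf);

	msc = SSL_mbedtls_ssl_context_from_SSL(wsi->tls.ssl);

	lws_context_lock(vh->context, __func__); /* -------------- cx { */
	lws_vhost_lock(vh); /* -------------- vh { */

	ts = __lws_tls_session_lookup_by_name(vh, buf);

	if (!ts) {
		/*
		 * We have to make our own, new session
		 */

		/*
		 * At (or somehow beyond) the vhost's session cache limit:
		 * prune the LRU entry at the head to make room.  >= rather
		 * than == so an over-full list still converges, and the head
		 * check keeps a zero limit from dereferencing an empty list.
		 */
		if (vh->tls_sessions.count >= vh->tls_session_cache_max &&
		    vh->tls_sessions.head) {
			ts = lws_container_of(vh->tls_sessions.head,
					      lws_tls_scm_t, list);

			lwsl_tlssess("%s: pruning oldest session (hit max %u)\n",
				     __func__,
				     (unsigned int)vh->tls_session_cache_max);

			/* vh lock is already held from above */
			__lws_tls_session_destroy(ts);
		}

		/* the tag string is stored NUL-terminated directly after the struct */
		ts = lws_malloc(sizeof(*ts) + nl + 1, __func__);
		if (!ts)
			goto bail;

		memset(ts, 0, sizeof(*ts));
		memcpy(&ts[1], buf, nl + 1);

		if (mbedtls_ssl_get_session(msc, &ts->session)) {
			/* no joy for whatever reason; entry never joined the list */
			lws_free(ts);
			goto bail;
		}

		lws_dll2_add_tail(&ts->list, &vh->tls_sessions);

		/* arm the TTL (seconds -> us); expiry evicts the entry */
		lws_sul_schedule(wsi->a.context, wsi->tsi, &ts->sul_ttl,
				 lws_tls_session_expiry_cb,
				 (int64_t)vh->tls.tls_session_cache_ttl *
							 LWS_US_PER_SEC);

#if !defined(LWS_WITH_NO_LOGS) && defined(_DEBUG)
		disposition = "new";
#endif
	} else {
		/* refresh the existing entry with the freshly negotiated session */
		mbedtls_ssl_session_free(&ts->session);

		if (mbedtls_ssl_get_session(msc, &ts->session)) {
			/*
			 * no joy for whatever reason: the old session copy is
			 * already released, so don't leave a hollow entry in
			 * the cache for lws_tls_reuse_session() to hand out
			 */
			__lws_tls_session_destroy(ts);
			goto bail;
		}

		/* keep our session list sorted in lru -> mru order */

		lws_dll2_remove(&ts->list);
		lws_dll2_add_tail(&ts->list, &vh->tls_sessions);
	}

	lws_vhost_unlock(vh); /* } vh --------------  */
	lws_context_unlock(vh->context); /* } cx --------------  */

	lwsl_tlssess("%s: %s: %s %s, (%s:%u)\n", __func__,
		     wsi->lc.gutag, disposition, buf, vh->name,
		     (unsigned int)vh->tls_sessions.count);

	/*
	 * indicate we will hold on to the SSL_SESSION reference, and take
	 * responsibility to call SSL_SESSION_free() on it ourselves
	 */

	return 1;

bail:
	lws_vhost_unlock(vh); /* } vh --------------  */
	lws_context_unlock(vh->context); /* } cx --------------  */

	return 0;
}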
272*1c60b9acSAndroid Build Coastguard Worker 
273*1c60b9acSAndroid Build Coastguard Worker #if defined(LWS_TLS_SYNTHESIZE_CB)
274*1c60b9acSAndroid Build Coastguard Worker 
/*
 * On openssl, there is an async cb coming when the server issues the session
 * information on the link, so we can pick it up and update the cache at the
 * right time.
 *
 * On mbedtls, and at least some versions of BoringSSL, this cb is either not
 * part of the tls library apis or fails to arrive, so a sul on
 * tls.sul_cb_synth stands in for it and lands here.
 */

void
lws_sess_cache_synth_cb(lws_sorted_usec_list_t *sul)
{
	struct lws_lws_tls *tls;
	struct lws *owner;

	/* walk back from the sul to its struct lws_lws_tls, then to the wsi */
	tls = lws_container_of(sul, struct lws_lws_tls, sul_cb_synth);
	owner = lws_container_of(tls, struct lws, tls);

	/* result not used here, as before: the cache outcome is only logged */
	(void)lws_tls_session_new_mbedtls(owner);
}
293*1c60b9acSAndroid Build Coastguard Worker #endif
294*1c60b9acSAndroid Build Coastguard Worker 
/*
 * Set the vhost's TLS session cache lifetime in seconds; a ttl of 0 selects
 * the one hour default (within the session lifetime bound RFC5246 F.1.4
 * suggests).
 */
void
lws_tls_session_cache(struct lws_vhost *vh, uint32_t ttl)
{
	uint32_t secs = ttl;

	if (!secs)
		secs = 3600;

	vh->tls.tls_session_cache_ttl = secs;
}
301*1c60b9acSAndroid Build Coastguard Worker 
/*
 * Serialise the cached session for host:port through cb_save.  Not
 * implemented on the mbedtls backend: logs a warning and always returns
 * nonzero without touching any of its arguments.
 */
int
lws_tls_session_dump_save(struct lws_vhost *vh, const char *host, uint16_t port,
			  lws_tls_sess_cb_t cb_save, void *opq)
{
	(void)vh;
	(void)host;
	(void)port;
	(void)cb_save;
	(void)opq;

	/* there seems no serialization / deserialization helper in mbedtls */
	lwsl_warn("%s: only supported on openssl atm\n", __func__);

	return 1;
}
311*1c60b9acSAndroid Build Coastguard Worker 
/*
 * Restore a serialised session for host:port through cb_load.  Not
 * implemented on the mbedtls backend: logs a warning and always returns
 * nonzero without touching any of its arguments.
 */
int
lws_tls_session_dump_load(struct lws_vhost *vh, const char *host, uint16_t port,
			  lws_tls_sess_cb_t cb_load, void *opq)
{
	(void)vh;
	(void)host;
	(void)port;
	(void)cb_load;
	(void)opq;

	/* there seems no serialization / deserialization helper in mbedtls */
	lwsl_warn("%s: only supported on openssl atm\n", __func__);

	return 1;
}