From 3d53ed17fb305c2cec1b48ed9bd1c631cc8822a1 Mon Sep 17 00:00:00 2001
From: Sergey Lyubka
Date: Mon, 11 May 2020 14:09:29 +0100
Subject: [PATCH] Allow OpenSSL session reuse on 2-way SSL, integrate https://github.com/cesanta/mongoose/pull/877

PUBLISHED_FROM=6e2568b963869d062dd51b590f8e536d043c4ca2
---
 mongoose.c | 5 +++++
 src/mg_ssl_if_openssl.c | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/mongoose.c b/mongoose.c
index 02960558..fde66dec 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -4474,6 +4474,8 @@ struct mg_iface *mg_socks_mk_iface(struct mg_mgr *mgr, const char *proxy_addr) {
 #include
 #endif
+static const char *mg_default_session_id_context = "mongoose";
+
 struct mg_ssl_if_ctx {
 SSL *ssl;
 SSL_CTX *ssl_ctx;
@@ -4535,6 +4537,9 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
+ SSL_CTX_set_session_id_context(ctx->ssl_ctx,
+ (void *) mg_default_session_id_context,
+ strlen(mg_default_session_id_context));
 #ifdef MG_SSL_OPENSSL_NO_COMPRESSION
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION);
 #endif
diff --git a/src/mg_ssl_if_openssl.c b/src/mg_ssl_if_openssl.c
index 17d82f58..c2c9bc40 100644
--- a/src/mg_ssl_if_openssl.c
+++ b/src/mg_ssl_if_openssl.c
@@ -15,6 +15,8 @@
 #include
 #endif
+static const char *mg_default_session_id_context = "mongoose";
+
 struct mg_ssl_if_ctx {
 SSL *ssl;
 SSL_CTX *ssl_ctx;
@@ -76,6 +78,9 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
+ SSL_CTX_set_session_id_context(ctx->ssl_ctx,
+ (void *) mg_default_session_id_context,
+ strlen(mg_default_session_id_context));
 #ifdef MG_SSL_OPENSSL_NO_COMPRESSION
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION);
 #endif
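Review bot: The new `mg_default_session_id_context` in mongoose.c is declared as a non-const pointer to a string literal and has no comment saying why a session id context is needed. Declaring it as an array, `static const char mg_default_session_id_context[] = "mongoose";`, makes the object itself read-only and lets the call site pass `sizeof(mg_default_session_id_context) - 1` instead of calling `strlen()`. A one-line comment such as `/* OpenSSL fails resumption on a server that verifies client certificates unless a session id context is set. */` would record the reason for the next maintainer. The same declaration is repeated in the first hunk of src/mg_ssl_if_openssl.c.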
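Review bot: The return value of `SSL_CTX_set_session_id_context()` is dropped in `mg_ssl_if_conn_init`, and the `(void *)` cast strips `const` from the literal on the way in. The call returns 0 when the context is rejected (for example a length above `SSL_MAX_SID_CTX_LENGTH`), so a failure would silently leave resumption broken; checking the result and casting to `(const unsigned char *)` with an `(unsigned int)` length would match the OpenSSL prototype. Because this enables resumption on connections that verify client certificates, a resumed session does not repeat certificate verification, so a revoked or expired client certificate stays usable until the cached session expires; if that window matters, it should be bounded with `SSL_CTX_set_timeout()`. The function body begins and ends outside the hunk, and the same lines are added in the second hunk of src/mg_ssl_if_openssl.c.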