Lines Matching refs:session
321 /* receive renewed session ticket */
490 s->session->cipher = s->s3->tmp.new_cipher;
492 s->session->compress_meth = 0;
495 s->session->compress_meth = 0;
497 s->session->compress_meth = s->s3->tmp.new_compression->id;
691 SSL_SESSION *sess = s->session;
698 * "ticket" without a session ID.
738 /* else use the pre-loaded session */
812 i = s->session->session_id_length;
815 if (i > (int)sizeof(s->session->session_id)) {
819 memcpy(p, s->session->session_id, i);
966 s->session->ssl_version = s->version = s->method->version;
984 /* get the session-id */
987 if ((j > sizeof(s->session->session_id)) || (j > SSL3_SESSION_ID_SIZE)) {
994 * Check if we can resume the session based on external pre-shared secret.
995 * EAP-FAST (RFC 4851) supports two types of session resumption.
996 * Resumption based on server-side state works with session IDs.
999 * layer, and does not send a session ID. (We do not know whether EAP-FAST
1000 * servers would honour the session ID.) Therefore, the session ID alone
1001 * is not a reliable indicator of session resumption, so we first check if
1006 s->session->tlsext_tick) {
1008 s->session->master_key_length = sizeof(s->session->master_key);
1009 if (s->tls_session_secret_cb(s, s->session->master_key,
1010 &s->session->master_key_length,
1013 s->session->cipher = pref_cipher ?
1023 if (j != 0 && j == s->session->session_id_length
1024 && memcmp(p, s->session->session_id, j) == 0) {
1025 if (s->sid_ctx_length != s->session->sid_ctx_length
1026 || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
1036 * If we were trying for session-id reuse but the server
1038 * In the case of EAP-FAST and PAC, we do not send a session ID,
1039 * so the PAC-based session secret is always preserved. It'll be
1042 if (s->session->session_id_length > 0) {
1047 s->session->session_id_length = j;
1048 memcpy(s->session->session_id, p, j); /* j could be 0 */
1085 * Depending on the session caching (internal/external), the cipher
1089 if (s->session->cipher)
1090 s->session->cipher_id = s->session->cipher->id;
1091 if (s->hit && (s->session->cipher_id != c->id)) {
1120 * If compression is disabled we'd better not try to resume a session
1123 if (s->session->compress_meth != 0) {
1129 if (s->hit && j != s->session->compress_meth) {
1278 if (s->session->sess_cert)
1279 ssl_sess_cert_free(s->session->sess_cert);
1280 s->session->sess_cert = sc;
1346 if (s->session->peer != NULL)
1347 X509_free(s->session->peer);
1349 s->session->peer = x;
1354 if (s->session->peer != NULL)
1355 X509_free(s->session->peer);
1356 s->session->peer = NULL;
1358 s->session->verify_result = s->verify_result;
1428 * identity hint is sent. Set session->sess_cert anyway to avoid
1432 s->session->sess_cert = ssl_sess_cert_new();
1443 if (s->session->sess_cert != NULL) {
1445 if (s->session->sess_cert->peer_rsa_tmp != NULL) {
1446 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1447 s->session->sess_cert->peer_rsa_tmp = NULL;
1451 if (s->session->sess_cert->peer_dh_tmp) {
1452 DH_free(s->session->sess_cert->peer_dh_tmp);
1453 s->session->sess_cert->peer_dh_tmp = NULL;
1457 if (s->session->sess_cert->peer_ecdh_tmp) {
1458 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1459 s->session->sess_cert->peer_ecdh_tmp = NULL;
1463 s->session->sess_cert = ssl_sess_cert_new();
1500 s->session->psk_identity_hint = BUF_strndup((char *)p, i);
1501 if (s->session->psk_identity_hint == NULL) {
1603 X509_get_pubkey(s->session->
1611 X509_get_pubkey(s->session->
1673 X509_get_pubkey(s->session->
1686 s->session->sess_cert->peer_rsa_tmp = rsa;
1800 X509_get_pubkey(s->session->
1808 X509_get_pubkey(s->session->
1814 s->session->sess_cert->peer_dh_tmp = dh;
1920 X509_get_pubkey(s->session->
1926 X509_get_pubkey(s->session->
1931 s->session->sess_cert->peer_ecdh_tmp = ecdh;
2319 if (s->session->session_id_length > 0) {
2323 * We reused an existing session, so we need to replace it with a new
2328 * Remove the old session from the cache
2333 s->session);
2336 SSL_CTX_remove_session(s->session_ctx, s->session);
2340 if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
2346 SSL_SESSION_free(s->session);
2347 s->session = new_sess;
2350 if (s->session->tlsext_tick) {
2351 OPENSSL_free(s->session->tlsext_tick);
2352 s->session->tlsext_ticklen = 0;
2354 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
2355 if (!s->session->tlsext_tick) {
2359 memcpy(s->session->tlsext_tick, p, ticklen);
2360 s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
2361 s->session->tlsext_ticklen = ticklen;
2363 * There are two ways to detect a resumed ticket session. One is to set
2364 * an appropriate session ID and then the server must return a match in
2365 * ServerHello. This allows the normal client session ID matching to work
2367 * other way is to set zero length session ID when the ticket is
2368 * presented and rely on the handshake to determine session resumption.
2370 * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
2374 s->session->session_id, &s->session->session_id_length,
2535 if (s->session->sess_cert == NULL) {
2544 if (s->session->sess_cert->peer_rsa_tmp != NULL)
2545 rsa = s->session->sess_cert->peer_rsa_tmp;
2548 X509_get_pubkey(s->session->
2567 s->session->master_key_length = sizeof(tmp_buf);
2593 s->session->master_key_length =
2596 session->master_key,
2721 s->session->master_key_length =
2724 session->master_key,
2735 SESS_CERT *scert = s->session->sess_cert;
2792 s->session->master_key_length =
2795 session->master_key,
2821 if (s->session->sess_cert == NULL) {
2856 if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
2857 tkey = s->session->sess_cert->peer_ecdh_tmp;
2861 X509_get_pubkey(s->session->
2937 s->session->master_key_length =
2940 session->master_key,
3007 s->session->
3011 s->session->
3037 /* Generate session key */
3091 s->session->master_key_length =
3094 session->master_key,
3113 if (s->session->srp_username != NULL)
3114 OPENSSL_free(s->session->srp_username);
3115 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
3116 if (s->session->srp_username == NULL) {
3122 if ((s->session->master_key_length =
3124 s->session->master_key)) <
3154 psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
3183 if (s->session->psk_identity_hint != NULL)
3184 OPENSSL_free(s->session->psk_identity_hint);
3185 s->session->psk_identity_hint =
3188 && s->session->psk_identity_hint == NULL) {
3194 if (s->session->psk_identity != NULL)
3195 OPENSSL_free(s->session->psk_identity);
3196 s->session->psk_identity = BUF_strdup(identity);
3197 if (s->session->psk_identity == NULL) {
3203 s->session->master_key_length =
3206 session->master_key,
3402 SESS_CERT *scert = s->session->sess_cert;
3531 sc = s->session->sess_cert;
3537 rsa = s->session->sess_cert->peer_rsa_tmp;
3540 dh = s->session->sess_cert->peer_dh_tmp;
3698 * Normally, we can tell if the server is resuming the session from
3699 * the session ID. EAP-FAST (RFC 4851), however, relies on the next server
3711 !s->session->tlsext_tick)