Merge pull request #1073 from sfackler/session-stuff

Add SslCtx::{add,remove}_session
2019-03-01 12:30:51 -08:00 · 2019-03-01 12:30:51 -08:00 · effd08114a
parent 834c16d5c7 404b7f1790
commit effd08114a
3 changed files with 114 additions and 0 deletions
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@ -697,6 +697,8 @@ pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
 pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_MODE: c_int = 33;
 pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
+pub const SSL_CTRL_SET_SESS_CACHE_SIZE: c_int = 42;
+pub const SSL_CTRL_GET_SESS_CACHE_SIZE: c_int = 43;
 pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44;
 pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
 pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
@ -919,6 +921,11 @@ extern "C" {
    pub fn SSL_state_string(ssl: *const SSL) -> *const c_char;
    pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char;

+    pub fn SSL_SESSION_get_time(s: *const SSL_SESSION) -> c_long;
+    pub fn SSL_SESSION_get_timeout(s: *const SSL_SESSION) -> c_long;
+    #[cfg(ossl110)]
+    pub fn SSL_SESSION_get_protocol_version(s: *const SSL_SESSION) -> c_int;
+
    #[cfg(ossl111)]
    pub fn SSL_SESSION_set_max_early_data(ctx: *mut SSL_SESSION, max_early_data: u32) -> c_int;
    #[cfg(ossl111)]
@ -930,6 +937,8 @@ extern "C" {
    pub fn SSL_SESSION_free(s: *mut SSL_SESSION);
    pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int;
    pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
+    pub fn SSL_CTX_add_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int;
+    pub fn SSL_CTX_remove_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int;
    pub fn d2i_SSL_SESSION(
        a: *mut *mut SSL_SESSION,
        pp: *mut *const c_uchar,
@ -1217,6 +1226,14 @@ extern "C" {
    pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int;
 }

+pub unsafe fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long {
+    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, ptr::null_mut())
+}
+
+pub unsafe fn SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long {
+    SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, ptr::null_mut())
+}
+
 pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long {
    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut())
 }
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -1675,6 +1675,17 @@ impl SslContextBuilder {
        }
    }

+    /// Sets the context's session cache size limit, returning the previous limit.
+    ///
+    /// A value of 0 means that the cache size is unbounded.
+    ///
+    /// This corresponds to [`SSL_CTX_sess_get_cache_size`].
+    ///
+    /// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html
+    pub fn set_session_cache_size(&mut self, size: i32) -> i64 {
+        unsafe { ffi::SSL_CTX_sess_set_cache_size(self.as_ptr(), size.into()).into() }
+    }
+
    /// Consumes the builder, returning a new `SslContext`.
    pub fn build(self) -> SslContext {
        self.0
@ -1841,6 +1852,49 @@ impl SslContextRef {
    pub fn max_early_data(&self) -> u32 {
        unsafe { ffi::SSL_CTX_get_max_early_data(self.as_ptr()) }
    }
+
+    /// Adds a session to the context's cache.
+    ///
+    /// Returns `true` if the session was successfully added to the cache, and `false` if it was already present.
+    ///
+    /// This corresponds to [`SSL_CTX_add_session`].
+    ///
+    /// # Safety
+    ///
+    /// The caller of this method is responsible for ensuring that the session has never been used with another
+    /// `SslContext` than this one.
+    ///
+    /// [`SSL_CTX_add_session`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_remove_session.html
+    pub unsafe fn add_session(&self, session: &SslSessionRef) -> bool {
+        ffi::SSL_CTX_add_session(self.as_ptr(), session.as_ptr()) != 0
+    }
+
+    /// Removes a session from the context's cache and marks it as non-resumable.
+    ///
+    /// Returns `true` if the session was successfully found and removed, and `false` otherwise.
+    ///
+    /// This corresponds to [`SSL_CTX_remove_session`].
+    ///
+    /// # Safety
+    ///
+    /// The caller of this method is responsible for ensuring that the session has never been used with another
+    /// `SslContext` than this one.
+    ///
+    /// [`SSL_CTX_remove_session`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_remove_session.html
+    pub unsafe fn remove_session(&self, session: &SslSessionRef) -> bool {
+        ffi::SSL_CTX_remove_session(self.as_ptr(), session.as_ptr()) != 0
+    }
+
+    /// Returns the context's session cache size limit.
+    ///
+    /// A value of 0 means that the cache size is unbounded.
+    ///
+    /// This corresponds to [`SSL_CTX_sess_get_cache_size`].
+    ///
+    /// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html
+    pub fn session_cache_size(&self) -> i64 {
+        unsafe { ffi::SSL_CTX_sess_get_cache_size(self.as_ptr()).into() }
+    }
 }

 /// Information about the state of a cipher.
@ -2097,6 +2151,41 @@ impl SslSessionRef {
        unsafe { ffi::SSL_SESSION_get_max_early_data(self.as_ptr()) }
    }

+    /// Returns the time at which the session was established, in seconds since the Unix epoch.
+    ///
+    /// This corresponds to [`SSL_SESSION_get_time`].
+    ///
+    /// [`SSL_SESSION_get_time`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html
+    pub fn time(&self) -> i64 {
+        unsafe { ffi::SSL_SESSION_get_time(self.as_ptr()) as i64 }
+    }
+
+    /// Returns the sessions timeout, in seconds.
+    ///
+    /// A session older than this time should not be used for session resumption.
+    ///
+    /// This corresponds to [`SSL_SESSION_get_timeout`].
+    ///
+    /// [`SSL_SESSION_get_timeout`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html
+    pub fn timeout(&self) -> i64 {
+        unsafe { ffi::SSL_SESSION_get_timeout(self.as_ptr()) as i64 }
+    }
+
+    /// Returns the session's TLS protocol version.
+    ///
+    /// Requires OpenSSL 1.1.0 or newer.
+    ///
+    /// This corresponds to [`SSL_SESSION_get_protocol_version`].
+    ///
+    /// [`SSL_SESSION_get_protocol_version`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html
+    #[cfg(ossl110)]
+    pub fn protocol_version(&self) -> SslVersion {
+        unsafe {
+            let version = ffi::SSL_SESSION_get_protocol_version(self.as_ptr());
+            SslVersion(version)
+        }
+    }
+
    to_der! {
        /// Serializes the session into a DER-encoded structure.
        ///
--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@ -1849,3 +1849,11 @@ fn openssl_cipher_name() {

    assert_eq!(super::cipher_name("asdf"), "(NONE)");
 }
+
+#[test]
+fn session_cache_size() {
+    let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+    ctx.set_session_cache_size(1234);
+    let ctx = ctx.build();
+    assert_eq!(ctx.session_cache_size(), 1234);
+}