Commit 8095b13

committed
Add new OpenSSL API SSL_CTX_set_num_tickets and friends.
Since we don't support session tickets in LibreSSL at the moment, these functions currently do not have any effect. Again, symbols will appear with tb@'s reptar sized bump. ok tb@
1 parent 7c805ab commit 8095b13

4 files changed

Lines changed: 94 additions & 3 deletions


Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
.\" $OpenBSD: SSL_CTX_set_num_tickets.3,v 1.1 2021/10/23 16:29:15 beck Exp $
2+
.\"
3+
.\" Copyright (c) 2021 Bob Beck <beck@openbsd.org>
4+
.\"
5+
.\" Permission to use, copy, modify, and distribute this software for any
6+
.\" purpose with or without fee is hereby granted, provided that the above
7+
.\" copyright notice and this permission notice appear in all copies.
8+
.\"
9+
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10+
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11+
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12+
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13+
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14+
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15+
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16+
.\"
17+
.Dd $Mdocdate: October 23 2021 $
18+
.Dt SSL_CTX_SET_NUM_TICKETS 3
19+
.Os
20+
.Sh NAME
21+
.Nm SSL_CTX_set_num_tickets ,
22+
.Nm SSL_CTX_get_num_tickets ,
23+
.Nm SSL_set_num_tickets ,
24+
.Nm SSL_get_num_tickets
25+
.Nd Set and get the number of TLS 1.3 session tickets to be sent
26+
.Sh SYNOPSIS
27+
.In openssl/ssl.h
28+
.Ft void
29+
.Fn SSL_CTX_set_num_tickets "SSL_CTX *ctx" "size_t num_tickets"
30+
.Ft SSL_CTX_get_num_tickets "const SSL_CTX *ctx"
31+
.Fn SSL_set_num_tickets "SSL *ssl" "size_t num_tickets"
32+
.Ft SSL_get_num_tickets "const SSL *ssl"
33+
.Sh DESCRIPTION
34+
These functions set, and retrieve, the configured number of session
35+
tickets from the respective objects.
36+
.Pp
37+
These functions are provided only for compatibility with OpenSSL.
38+
They have no effect in LibreSSL.
39+
.Sh RETURN VALUES
40+
.Fn SSL_CTX_set_num_tickets
41+
and
42+
.Fn SSL_set_num_tickets
43+
always return 1.
44+
.Pp
45+
.Fn SSL_CTX_get_num_tickets
46+
and
47+
.Fn SSL_get_num_tickets
48+
return the previously set number of tickets, or 0 if they have not been set.
49+
.Sh SEE ALSO
50+
.Xr ssl 3 ,
51+
.Xr SSL_CTX_new 3
52+
.Sh HISTORY
53+
These function first appeared in OpenSSL 1.1.1
54+
and have been available since
55+
.Ox 7.1 .

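--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.212 2021/10/23 15:30:44 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.213 2021/10/23 16:29:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -509,6 +509,10 @@ typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
 #if defined(LIBRESSL_NEW_API)
 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
 SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(const SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 #endif
 
 #ifndef LIBRESSL_INTERNAL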
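Review bot: The return types declared here do not match the SYNOPSIS of the manual page added in the same commit: the setters are declared `int` and the getters `size_t`, while the page gives `.Ft void` for SSL_CTX_set_num_tickets, no `.Ft` for SSL_set_num_tickets, and puts both getters on `.Ft` lines instead of `.Fn`. Since RETURN VALUES already says the setters return 1, the SYNOPSIS looks like the side to correct, for example `.Ft int` before each setter and `.Ft size_t` followed by `.Fn SSL_CTX_get_num_tickets "const SSL_CTX *ctx"` for the getters. A short comment above the four prototypes, such as `/* OpenSSL compatibility only: the value is stored but no session tickets are sent. */`, would keep a reader of the header from assuming the call changes ticket behaviour.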

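--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.273 2021/10/23 16:11:30 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.274 2021/10/23 16:29:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -265,6 +265,7 @@ SSL_new(SSL_CTX *ctx)
 s->internal->options = ctx->internal->options;
 s->internal->mode = ctx->internal->mode;
 s->internal->max_cert_list = ctx->internal->max_cert_list;
+s->internal->num_tickets = ctx->internal->num_tickets;
 
 if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
 goto err;
@@ -783,6 +784,34 @@ SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
 return (ctx->internal->keylog_callback);
 }
 
+int
+SSL_set_num_tickets(SSL *s, size_t num_tickets)
+{
+s->internal->num_tickets = num_tickets;
+
+return 1;
+}
+
+size_t
+SSL_get_num_tickets(const SSL *s)
+{
+return s->internal->num_tickets;
+}
+
+int
+SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+{
+ctx->internal->num_tickets = num_tickets;
+
+return 1;
+}
+
+size_t
+SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
+{
+return ctx->internal->num_tickets;
+}
+
 int
 SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
 {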
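Review bot: SSL_set_num_tickets() and SSL_CTX_set_num_tickets() return 1 for any value although nothing visible in this commit consumes num_tickets, so a caller ported from OpenSSL cannot tell that its ticket policy was not applied. That is harmless while no tickets are issued, as the commit message states, but the accessors carry no comment saying so, and an application that sets 0 to suppress tickets would depend on a later ticket implementation honouring the stored value. I would add above the first setter `/* Stored for OpenSSL compatibility only; no session tickets are sent, so this value is never acted on. */`. The getters also report 0 until a setter is called, which presumably comes from zeroed allocation of the internal structs (not shown here); worth stating if that default is intended to differ from OpenSSL's.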

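--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.364 2021/10/23 15:02:27 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.365 2021/10/23 16:29:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -849,6 +849,7 @@ typedef struct ssl_ctx_internal_st {
 size_t tlsext_supportedgroups_length;
 uint16_t *tlsext_supportedgroups; /* our list */
 SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
+size_t num_tickets; /* Unused, for OpenSSL compatibility */
 } SSL_CTX_INTERNAL;
 
 struct ssl_ctx_st {
@@ -1028,6 +1029,8 @@ typedef struct ssl_internal_st {
 int mac_packet;
 
 int empty_record_count;
+
+size_t num_tickets; /* Unused, for OpenSSL compatibility */
 } SSL_INTERNAL;
 
 struct ssl_st {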
