commit fd113c07c3c2a6b07f8ab69dfae7d104e769f469
author Brian Carlstrom <bdc@google.com> Fri Apr 23 15:24:16 2010 -0700
committer Brian Carlstrom <bdc@google.com> Tue May 04 10:56:21 2010 -0700
tree e1274892f7caedeb7589ce5a25dca4e15a5cda82
parent 0e804cad5b26bb5b9906553b6ae87187edb31702

Adding SSL_set_session_creation_enabled for SSLSocket.setEnableSessionCreation(false) support

SSL_set_session_creation_enabled implementation

    Add session_creation_enabled to ssl_st (aka SSL)
    Add SSL_set_session_creation_enabled(SSL*, int) declaration
    Add SSL_R_SESSION_MAY_NOT_BE_CREATED error reason

	include/openssl/ssl.h
	ssl/ssl.h

    Before creating session, check if session_creation_enabled.
    If not, error out, sending alert when possible in SSL3+ cases.

	ssl/d1_clnt.c
	ssl/s23_clnt.c
	ssl/s3_clnt.c
	ssl/s3_srvr.c

    Add error message for SSL_R_SESSION_MAY_NOT_BE_CREATED

	ssl/ssl_err.c

    Initialize session_creation_enabled to 1 in SSL_new

	ssl/ssl_lib.c

    Definition of SSL_set_session_creation_enabled.  Add lower level
    check for session_creation_enabled in ssl_get_new_session in case
    it is not caught by higher levels.

	ssl/ssl_sess.c

Patch details

    Added jsse.patch to list and add list of patched files.
    Fix whitespace to be tabs for consistency.

	openssl.config

    Add description of jsse.patch

	patches/README

    The patch itself, containing the above described changes

	patches/jsse.patch

Testing

    Updated with note to run javax.net.ssl tests now that they are working reliably.

	README.android

Change-Id: I21763ffbb29278b1c2d88d947eb780f38f637b2d

ssl/ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index a05c90f..e48f42e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1090,6 +1090,9 @@
 	/* This can also be in the session once a session is established */
 	SSL_SESSION *session;
 
+        /* This can be disabled to prevent the use of uncached sessions */
+	int session_creation_enabled;
+
 	/* Default generate session ID callback. */
 	GEN_SESSION_CB generate_session_id;
 
@@ -1568,6 +1571,7 @@
 void	SSL_SESSION_free(SSL_SESSION *ses);
 int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
 int	SSL_set_session(SSL *to, SSL_SESSION *session);
+void	SSL_set_session_creation_enabled(SSL *, int);
 int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
 int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
 int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
@@ -2213,6 +2217,7 @@
 #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING		 345
 #define SSL_R_SERVERHELLO_TLSEXT			 275
 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
+#define SSL_R_SESSION_MAY_NOT_BE_CREATED		 2000
 #define SSL_R_SHORT_READ				 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221