[lwip-devel] [patch #9862] altcp_mbedtls: multiple fixes and session sav
From: David GIRAULT
Subject: [lwip-devel] [patch #9862] altcp_mbedtls: multiple fixes and session save/restore
Date: Tue, 15 Oct 2019 09:01:06 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
URL: <https://savannah.nongnu.org/patch/?9862>
Summary: altcp_mbedtls: multiple fixes and session save/restore
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: dgirault
Submitted on: Tue 15 Oct 2019 13:01:04 UTC
Category: apps
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
_______________________________________________________
Details:
- Ensure no memory leaks and entropy counter is protected
- Use ERR_CLSD only for handshake error.
  This allows better handling of handshake error in application.
- Call the application sent() callback with useful len.
  First calculate and sum TLS overhead when altcp_mbedtls_write() is called.
  Then take care of it when calling application sent callback. Give received
  len from inner_conn, minus calculated overhead.
- Support for saving/restoring session information.
  According to mbedTLS source code and documentation, calls to
  `mbedtls_ssl_conf_session_cache` and `mbedtls_ssl_conf_session_tickets_cb`
  are only available if mbedTLS is configured for server mode (i.e.
  MBEDTLS_SSL_SRV_C is defined). This cannot be used in client mode to resume
  a previous session.
  To allow session reuse in client mode, the application must save session
  parameters (including tickets provided by the server, if any) after a
  successful connection and restore them before attempting to reconnect.
  Since `altcp_close()` frees the structure, it cannot be used to store the
  required information.
  So, two new APIs were added, directly wrapping mbedTLS functions, to allow
  the application to do that by itself.
  Also added full declaration of `struct altcp_tls_session` in altcp_tls.h to
  allow easier usage in application when using mbedTLS port.
- Ensure configuration is properly freed.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Tue 15 Oct 2019 13:01:04 UTC
Name: 0001-altcp_tls_mbedtls-ensure-configuration-is-properly-f.patch
Size: 898 B By: dgirault
<http://savannah.nongnu.org/patch/download.php?file_id=47686>
-------------------------------------------------------
Date: Tue 15 Oct 2019 13:01:04 UTC
Name: 0002-altcp_tls-support-for-saving-restoring-session-infor.patch
Size: 4 KiB By: dgirault
<http://savannah.nongnu.org/patch/download.php?file_id=47687>
-------------------------------------------------------
Date: Tue 15 Oct 2019 13:01:04 UTC
Name: 0003-altcp_tls-call-the-application-sent-callback-with-us.patch
Size: 6 KiB By: dgirault
<http://savannah.nongnu.org/patch/download.php?file_id=47688>
-------------------------------------------------------
Date: Tue 15 Oct 2019 13:01:04 UTC
Name: 0004-altcp_tls-use-ERR_CLSD-only-for-handshake-error.patch
Size: 2 KiB By: dgirault
<http://savannah.nongnu.org/patch/download.php?file_id=47689>
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/patch/?9862>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
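
The sent-callback accounting described in the Details above, as an added model that is not taken from the submitted patches or from lwIP: TLS overhead is summed on the write path and subtracted from the length the inner connection acknowledges, so the application only sees the byte counts it wrote. The struct, the function names and the rule that overhead is consumed before payload are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical per-connection counters; names are not from lwIP. */
struct sent_acct {
  size_t overhead_pending; /* TLS framing bytes queued, not yet acked */
  size_t payload_pending;  /* application bytes queued, not yet acked */
};

/* Write path: plain_len application bytes became wire_len bytes of TLS
 * records. Returns -1 if the lengths are inconsistent. */
static int acct_on_write(struct sent_acct *a, size_t plain_len, size_t wire_len)
{
  if (wire_len < plain_len) {
    return -1;
  }
  a->payload_pending += plain_len;
  a->overhead_pending += wire_len - plain_len;
  return 0;
}

/* Sent path: the inner connection acked acked_len wire bytes. Returns the
 * length to pass to the application's sent callback (0 means skip it). */
static size_t acct_on_inner_sent(struct sent_acct *a, size_t acked_len)
{
  size_t oh = acked_len < a->overhead_pending ? acked_len : a->overhead_pending;
  size_t app = acked_len - oh;

  a->overhead_pending -= oh;
  if (app > a->payload_pending) {
    app = a->payload_pending; /* e.g. handshake bytes the app never wrote */
  }
  a->payload_pending -= app;
  return app;
}

int main(void)
{
  struct sent_acct a = {0, 0};
  size_t first, second;
  /* Constructed sample: 100 plaintext bytes sent as one 129-byte record. */
  acct_on_write(&a, 100, 129);
  first = acct_on_inner_sent(&a, 20);   /* partial ack, overhead only */
  second = acct_on_inner_sent(&a, 109); /* rest of the record */
  printf("reported %lu then %lu\n", (unsigned long)first, (unsigned long)second);
  return 0;
}
```

An application that advances its own send buffer by the reported length stays in step with what it wrote, even when acknowledgements split a record.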