tls_create_object(): Move setting client state and auto-retry into connection_new and add setting connection session.

2018-11-15 13:23:00 +00:00 · 2018-11-15 13:23:00 +00:00 · ffd1136e94
parent d9fdd4c10d
commit ffd1136e94
3 changed files with 18 additions and 6 deletions
--- a/src/openssl/tls.c
+++ b/src/openssl/tls.c
@ -261,6 +261,11 @@ _getdns_tls_connection* _getdns_tls_connection_new(_getdns_tls_context* ctx, int
 		return NULL;
 	}
 	/* Connection is a client. */
 	SSL_set_connect_state(res->ssl);
 	/* If non-application data received, retry read. */
 	SSL_set_mode(res->ssl, SSL_MODE_AUTO_RETRY);
 	return res;
 }
@ -309,6 +314,15 @@ getdns_return_t _getdns_tls_connection_set_curves_list(_getdns_tls_connection* c
 	return GETDNS_RETURN_GOOD;
 }
 getdns_return_t _getdns_tls_connection_set_session(_getdns_tls_connection* conn, _getdns_tls_session* s)
 {
 	if (!conn || !conn->ssl || !s || !s->ssl)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 	if (!SSL_set_session(conn->ssl, s->ssl))
 		return GETDNS_RETURN_GENERIC_ERROR;
 	return GETDNS_RETURN_GOOD;
 }
 _getdns_tls_session* _getdns_tls_connection_get_session(_getdns_tls_connection* conn)
 {
 	_getdns_tls_session* res;
--- a/src/openssl/tls.h
+++ b/src/openssl/tls.h
@ -75,9 +75,10 @@ getdns_return_t _getdns_tls_connection_shutdown(_getdns_tls_connection* conn);
 getdns_return_t _getdns_tls_connection_set_cipher_list(_getdns_tls_connection* conn, const char* list);
 getdns_return_t _getdns_tls_connection_set_curves_list(_getdns_tls_connection* conn, const char* list);
 getdns_return_t _getdns_tls_connection_set_session(_getdns_tls_connection* conn, _getdns_tls_session* s);
 _getdns_tls_session* _getdns_tls_connection_get_session(_getdns_tls_connection* conn);
-getdns_return_t _getdns_tls_session_free(_getdns_tls_session* ctx);
+getdns_return_t _getdns_tls_session_free(_getdns_tls_session* s);
 getdns_return_t _getdns_tls_get_api_information(getdns_dict* dict);
--- a/src/stub.c
+++ b/src/stub.c
@ -925,7 +925,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 	_getdns_tls_connection* tls = _getdns_tls_connection_new(context->tls_ctx, fd);
 	if(!tls) 
 		return NULL;
-#if defined(HAVE_DECL_SSL_SET1_CURVES_LIST) && HAVE_DECL_SSL_SET1_CURVES_LIST
+#if HAVE_TLS_CONN_CURVES_LIST
 	if (upstream->tls_curves_list)
 		_getdns_tls_connection_set_curves_list(tls, upstream->tls_curves_list);
 #endif
@ -1072,9 +1072,6 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 	SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, tls_verify_callback);
 #endif
 	SSL_set_connect_state(tls->ssl);
 	(void) SSL_set_mode(tls->ssl, SSL_MODE_AUTO_RETRY);
 	/* Session resumption. There are trade-offs here. Want to do it when
 	   possible only if we have the right type of connection. Note a change
 	   to the upstream auth info creates a new upstream so never re-uses.*/
@ -1082,7 +1079,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 		if ((upstream->tls_fallback_ok == 0 &&
 		     upstream->last_tls_auth_state == GETDNS_AUTH_OK) ||
 		     upstream->tls_fallback_ok == 1) {
-			SSL_set_session(tls->ssl, upstream->tls_session->ssl);
+			_getdns_tls_connection_set_session(tls, upstream->tls_session);
 			DEBUG_STUB("%s %-35s: Attempting session re-use\n", STUB_DEBUG_SETUP_TLS, 
 			            __FUNC__);
 			}