lib/libhttp
1
0
Fork 0
mirror of https://github.com/lammertb/libhttp.git synced 2025-12-22 04:02:04 +03:00
Code Activity

Use instance UID as TLS session ID

Browse Source
This commit is contained in:
bel
2015-11-09 23:12:35 +01:00
parent b3064181ae
commit dfd25b63a3
1 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/civetweb.c
View File

@@ -866,6 +866,7 @@ struct ssl_func {
#define SSL_CTX_check_private_key (*(int (*)(SSL_CTX *))ssl_sw[28].ptr) #define SSL_CTX_check_private_key (*(int (*)(SSL_CTX *))ssl_sw[28].ptr)
#define SSL_CTX_set_session_id_context \ #define SSL_CTX_set_session_id_context \
(*(int (*)(SSL_CTX *, const unsigned char *, unsigned int))ssl_sw[29].ptr) (*(int (*)(SSL_CTX *, const unsigned char *, unsigned int))ssl_sw[29].ptr)
#define CRYPTO_num_locks (*(int (*)(void))crypto_sw[0].ptr) #define CRYPTO_num_locks (*(int (*)(void))crypto_sw[0].ptr)
#define CRYPTO_set_locking_callback \ #define CRYPTO_set_locking_callback \
(*(void (*)(void (*)(int, int, const char *, int)))crypto_sw[1].ptr) (*(void (*)(void (*)(int, int, const char *, int)))crypto_sw[1].ptr)
@@ -4662,6 +4663,7 @@ bin2str(char *to, const unsigned char *p, size_t len)
*to = '\0'; *to = '\0';
} }
/* Return stringified MD5 hash for list of strings. Buffer must be 33 bytes. */ /* Return stringified MD5 hash for list of strings. Buffer must be 33 bytes. */
char * char *
mg_md5(char buf[33], ...) mg_md5(char buf[33], ...)
@@ -4684,6 +4686,7 @@ mg_md5(char buf[33], ...)
return buf; return buf;
} }
/* Check the user's password, return 1 if OK */ /* Check the user's password, return 1 if OK */
static int static int
check_password(const char *method, check_password(const char *method,
@@ -4731,6 +4734,7 @@ check_password(const char *method,
return mg_strcasecmp(response, expected_response) == 0; return mg_strcasecmp(response, expected_response) == 0;
} }
/* Use the global passwords file, if specified by auth_gpass option, /* Use the global passwords file, if specified by auth_gpass option,
* or search for .htpasswd in the requested directory. */ * or search for .htpasswd in the requested directory. */
static void static void
@@ -10157,7 +10161,10 @@ set_ssl_option(struct mg_context *ctx)
const char *ca_file; const char *ca_file;
int use_default_verify_paths; int use_default_verify_paths;
int verify_depth; int verify_depth;
int session_context_id = 1; time_t now_rt = time(NULL);
struct timespec now_mt;
md5_byte_t ssl_context_id[16];
md5_state_t md5state;
/* If PEM file is not specified and the init_ssl callback /* If PEM file is not specified and the init_ssl callback
* is not specified, skip SSL initialization. */ * is not specified, skip SSL initialization. */
@@ -10211,8 +10218,20 @@ set_ssl_option(struct mg_context *ctx)
return 1; return 1;
} }
/* Use some UID as session context ID. */
md5_init(&md5state);
md5_append(&md5state, (const md5_byte_t *)&now_rt, sizeof(now_rt));
clock_gettime(CLOCK_MONOTONIC, &now_mt);
md5_append(&md5state, (const md5_byte_t *)&now_mt, sizeof(now_mt));
md5_append(&md5state,
(const md5_byte_t *)ctx->config[LISTENING_PORTS],
strlen(ctx->config[LISTENING_PORTS]));
md5_append(&md5state, (const md5_byte_t *)ctx, sizeof(*ctx));
md5_finish(&md5state, ssl_context_id);
SSL_CTX_set_session_id_context(ctx->ssl_ctx, SSL_CTX_set_session_id_context(ctx->ssl_ctx,
&session_context_id, sizeof(int)); (const unsigned char *)&ssl_context_id,
sizeof(ssl_context_id));
if (pem != NULL) { if (pem != NULL) {
if (!ssl_use_pem_file(ctx, pem)) { if (!ssl_use_pem_file(ctx, pem)) {