File ssl_cache.h

SSL session cache implementation.

SECTION: Module settings

The configuration options you can set for this module are in this section. Either change them in mbedtls_config.h or define them on the compiler command line.

MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT

Default cache entry timeout: 1 day.

MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES

Default maximum number of entries in the cache.

Typedefs

typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context
typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry

Functions

void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache)

Initialize an SSL cache context.

Parameters

cache – SSL cache context

int mbedtls_ssl_cache_get(void *data, unsigned char const *session_id, size_t session_id_len, mbedtls_ssl_session *session)

Cache get callback implementation (Thread-safe if MBEDTLS_THREADING_C is enabled)

Parameters
  • data – The SSL cache context to use.

  • session_id – The pointer to the buffer holding the session ID for the session to load.

  • session_id_len – The length of session_id in bytes.

  • session – The address at which to store the session associated with session_id, if present.

Returns
  • 0 on success.

  • MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if no cache entry with the specified session ID is found, or any other negative error code for other failures.

int mbedtls_ssl_cache_set(void *data, unsigned char const *session_id, size_t session_id_len, const mbedtls_ssl_session *session)

Cache set callback implementation (Thread-safe if MBEDTLS_THREADING_C is enabled)

Parameters
  • data – The SSL cache context to use.

  • session_id – The pointer to the buffer holding the session ID associated with session.

  • session_id_len – The length of session_id in bytes.

  • session – The session to store.

Returns
  • 0 on success.

  • A negative error code on failure.

int mbedtls_ssl_cache_remove(void *data, unsigned char const *session_id, size_t session_id_len)

Remove the cache entry by the session ID (Thread-safe if MBEDTLS_THREADING_C is enabled)

Parameters
  • data – The SSL cache context to use.

  • session_id – The pointer to the buffer holding the session ID of the cache entry to remove.

  • session_id_len – The length of session_id in bytes.

Returns
  • 0 on success. This indicates that the cache entry for the session with the provided ID has been removed or did not exist.

  • A negative error code on failure.

void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout)

Set the cache timeout (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))

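A timeout of 0 indicates no timeout: cache entries never expire because of their age, so a cached session stays resumable for as long as its entry remains in the cache.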

Parameters
  • cache – SSL cache context

  • timeout – cache entry timeout in seconds

static inline int mbedtls_ssl_cache_get_timeout(mbedtls_ssl_cache_context *cache)

Get the cache timeout.

A timeout of 0 indicates no timeout.

Parameters

cache – SSL cache context

Returns

cache entry timeout in seconds

void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max)

Set the maximum number of cache entries (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))

Parameters
  • cache – SSL cache context

  • max – cache entry maximum

void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache)

Free referenced items in a cache context and clear memory.

Parameters

cache – SSL cache context

struct mbedtls_ssl_cache_entry
#include <ssl_cache.h>

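This structure is used for storing cache entries. Although the members are listed under "Public Members", their private_ prefix marks them as internal; applications should use the mbedtls_ssl_cache_* functions rather than access these fields directly.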

Public Members

mbedtls_time_t private_timestamp

entry timestamp

unsigned char private_session_id[32]

session ID

size_t private_session_id_len
unsigned char *private_session

serialized session

size_t private_session_len
mbedtls_ssl_cache_entry *private_next

chain pointer

struct mbedtls_ssl_cache_context
#include <ssl_cache.h>

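Cache context. Although the members are listed under "Public Members", their private_ prefix marks them as internal; configure the context through mbedtls_ssl_cache_set_timeout() and mbedtls_ssl_cache_set_max_entries() rather than by writing these fields directly.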

Public Members

mbedtls_ssl_cache_entry *private_chain

start of the chain

int private_timeout

cache entry timeout

int private_max_entries

maximum entries

mbedtls_threading_mutex_t private_mutex

mutex