ssl_server2: Add options to support cache removal

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2025-01-26 12:35:20 +00:00 · 2023-03-07 14:51:09 +08:00 · 2023-03-07 14:51:09 +08:00 · 753d02ffd4
commit 753d02ffd4
parent 7b6299b49b
1 changed files with 19 additions and 1 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -127,6 +127,7 @@ int main(void)
 #define DFL_TICKET_AEAD         MBEDTLS_CIPHER_AES_256_GCM
 #define DFL_CACHE_MAX           -1
 #define DFL_CACHE_TIMEOUT       -1
+#define DFL_CACHE_REMOVE        0
 #define DFL_SNI                 NULL
 #define DFL_ALPN_STRING         NULL
 #define DFL_CURVES              NULL
@ -326,9 +327,12 @@ int main(void)
 #else
 #define USAGE_CACHE_TIME ""
 #endif
+#define USAGE_CACHE_REMOVE                                      \
+    "    cache_remove=%%d     default: 0 (disabled)\n"
 #else
 #define USAGE_CACHE ""
 #define USAGE_CACHE_TIME ""
+#define USAGE_CACHE_REMOVE ""
 #endif /* MBEDTLS_SSL_CACHE_C */

 #if defined(SNI_OPTION)
@ -549,6 +553,7 @@ int main(void)
    USAGE_NSS_KEYLOG_FILE                                   \
    USAGE_CACHE                                             \
    USAGE_CACHE_TIME                                        \
+    USAGE_CACHE_REMOVE                                      \
    USAGE_MAX_FRAG_LEN                                      \
    USAGE_ALPN                                              \
    USAGE_EMS                                               \
@ -667,6 +672,7 @@ struct options {
 #if defined(MBEDTLS_HAVE_TIME)
    int cache_timeout;          /* expiration delay of session cache entries*/
 #endif
+    int cache_remove;           /* enable / disable cache removement        */
    char *sni;                  /* string describing sni information        */
    const char *curves;         /* list of supported elliptic curves        */
    const char *sig_algs;       /* supported TLS 1.3 signature algorithms   */
@ -1729,6 +1735,7 @@ usage:
 #if defined(MBEDTLS_HAVE_TIME)
    opt.cache_timeout       = DFL_CACHE_TIMEOUT;
 #endif
+    opt.cache_remove        = DFL_CACHE_REMOVE;
    opt.sni                 = DFL_SNI;
    opt.alpn_string         = DFL_ALPN_STRING;
    opt.curves              = DFL_CURVES;
@ -2142,7 +2149,12 @@ usage:
            }
        }
 #endif
-        else if (strcmp(p, "cookies") == 0) {
+        else if (strcmp(p, "cache_remove") == 0) {
+            opt.cache_remove = atoi(q);
+            if (opt.cache_remove < 0 || opt.cache_remove > 1) {
+                goto usage;
+            }
+        } else if (strcmp(p, "cookies") == 0) {
            opt.cookies = atoi(q);
            if (opt.cookies < -1 || opt.cookies > 1) {
                goto usage;
@ -4125,6 +4137,12 @@ close_notify:

    mbedtls_printf(" done\n");

+#if defined(MBEDTLS_SSL_CACHE_C)
+    if (opt.cache_remove > 0) {
+        mbedtls_ssl_cache_remove(&cache, ssl.session->id, ssl.session->id_len);
+    }
+#endif
+
    goto reset;

    /*