aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Zitzmann <nickzman@gmail.com>2013-04-12 12:20:10 -0600
committerNick Zitzmann <nickzman@gmail.com>2013-04-12 12:20:10 -0600
commitbc33f2200d12cc2c79920e85f94da23a27b62502 (patch)
treea990c7538d5537b8201ccc749b86203dcacb8583
parentfd399cde0060119896582f2efe6559f14753d779 (diff)
darwinssl: add TLS session resumption
This ought to speed up additional TLS handshakes, at least in theory.
-rw-r--r--lib/curl_darwinssl.c45
-rw-r--r--lib/curl_darwinssl.h3
2 files changed, 47 insertions, 1 deletions
diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c
index 1b186f8d3..949a1b224 100644
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -704,6 +704,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#endif
size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i;
SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL;
+ char *ssl_sessionid;
+ size_t ssl_sessionid_len;
OSStatus err = noErr;
#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
int darwinver_maj = 0, darwinver_min = 0;
@@ -990,6 +992,38 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
Curl_safefree(all_ciphers);
Curl_safefree(allowed_ciphers);
+ /* Check if there's a cached ID we can/should use here! */
+ if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
+ &ssl_sessionid_len)) {
+ /* we got a session id, use it! */
+ err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
+ if(err != noErr) {
+ failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ /* Informational message */
+ infof(data, "SSL re-using session ID\n");
+ }
+ /* If there isn't one, then let's make one up! This has to be done prior
+ to starting the handshake. */
+ else {
+ CURLcode retcode;
+
+ ssl_sessionid = malloc(256*sizeof(char));
+ ssl_sessionid_len = snprintf(ssl_sessionid, 256, "curl:%s:%hu",
+ conn->host.name, conn->remote_port);
+ err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
+ if(err != noErr) {
+ failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ retcode = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len);
+ if(retcode!= CURLE_OK) {
+ failf(data, "failed to store ssl session");
+ return retcode;
+ }
+ }
+
err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite);
if(err != noErr) {
failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
@@ -1462,6 +1496,17 @@ int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
return rc;
}
+void Curl_darwinssl_session_free(void *ptr)
+{
+ /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
+ cached session ID inside the Security framework. There is a private
+ function that does this, but I don't want to have to explain to you why I
+ got your application rejected from the App Store due to the use of a
+ private API, so the best we can do is free up our own char array that we
+ created way back in darwinssl_connect_step1... */
+ Curl_safefree(ptr);
+}
+
size_t Curl_darwinssl_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "SecureTransport");
diff --git a/lib/curl_darwinssl.h b/lib/curl_darwinssl.h
index 183d9371c..4c0e53ff1 100644
--- a/lib/curl_darwinssl.h
+++ b/lib/curl_darwinssl.h
@@ -37,6 +37,7 @@ void Curl_darwinssl_close_all(struct SessionHandle *data);
/* close a SSL connection */
void Curl_darwinssl_close(struct connectdata *conn, int sockindex);
+void Curl_darwinssl_session_free(void *ptr);
size_t Curl_darwinssl_version(char *buffer, size_t size);
int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex);
int Curl_darwinssl_check_cxn(struct connectdata *conn);
@@ -56,7 +57,7 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
#define curlssl_cleanup() Curl_nop_stmt
#define curlssl_connect Curl_darwinssl_connect
#define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking
-#define curlssl_session_free(x) Curl_nop_stmt
+#define curlssl_session_free(x) Curl_darwinssl_session_free(x)
#define curlssl_close_all Curl_darwinssl_close_all
#define curlssl_close Curl_darwinssl_close
#define curlssl_shutdown(x,y) 0