DTLS handshake now works with Cisco too.

But it's still more in proof-of-concept-stage, because session ids and cookies are static. FossilOrigin-Name: e8dcc3398c4dc166ef07c15ad43b64ee72aa330c183b01a2afbb27f5fa54eba7
2014-08-03 11:31:11 +00:00 · 2014-08-03 11:31:11 +00:00 · cdfcdc4a04
parent f316dc077f
commit cdfcdc4a04
1 changed files with 14 additions and 1 deletions
--- a/src/capwap/dtls_openssl.c
+++ b/src/capwap/dtls_openssl.c
@ -179,6 +179,17 @@ int dtls_openssl_set_certs(struct conn * conn, struct dtls_openssl_data *d)
 }


+int generate_session_id(const SSL *ssl, unsigned char * id, unsigned int *id_len)
+{
+	printf ("MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMagin session id\n");
+	const char * sessid = "7u83sessid";
+	memcpy(id,sessid,strlen(sessid));
+	*id_len=strlen(sessid);
+	return 1;
+}
+
+
+
 int dtls_verify_callback (int ok, X509_STORE_CTX *ctx) {


@ -214,11 +225,13 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS
 		return 0;
 	}

-	SSL_CTX_set_session_cache_mode(d->ctx, SSL_SESS_CACHE_OFF);
+	SSL_CTX_set_session_cache_mode(d->ctx, SSL_SESS_CACHE_BOTH);
 	SSL_CTX_set_options(d->ctx, SSL_OP_COOKIE_EXCHANGE);

 	SSL_CTX_set_cookie_generate_cb(d->ctx, dtls_openssl_generate_cookie);
 	SSL_CTX_set_cookie_verify_cb(d->ctx, dtls_openssl_verify_cookie);
+	SSL_CTX_set_generate_session_id(d->ctx,generate_session_id);
+

 	SSL_CTX_set_verify(d->ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, dtls_verify_callback);