/* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef _DNS_DNSTLSSESSIONCACHE_H #define _DNS_DNSTLSSESSIONCACHE_H #include #include #include #include namespace android { namespace net { // Cache of recently seen SSL_SESSIONs. This is used to support session tickets. // This class is thread-safe. class DnsTlsSessionCache { public: // Prepare SSL objects to use this session cache. These methods must be called // before making use of either object. void prepareSslContext(SSL_CTX* _Nonnull ssl_ctx); bool prepareSsl(SSL* _Nonnull ssl); // Get the most recently discovered session. For TLS 1.3 compatibility and // maximum privacy, each session will only be returned once, so the caller // gains ownership of the session. (Here and throughout, // bssl::UniquePtr is actually serving as a reference counted // pointer.) bssl::UniquePtr getSession() EXCLUDES(mLock); private: static constexpr size_t kMaxSize = 5; static int newSessionCallback(SSL* _Nullable ssl, SSL_SESSION* _Nullable session); std::mutex mLock; void recordSession(SSL_SESSION* _Nullable session) EXCLUDES(mLock); // Queue of sessions, from least recently added to most recently. std::deque> mSessions GUARDED_BY(mLock); }; } // end of namespace net } // end of namespace android #endif // _DNS_DNSTLSSESSIONCACHE_H