-/* $OpenBSD: fetch.c,v 1.166 2018/02/07 23:04:50 procter Exp $ */
+/* $OpenBSD: fetch.c,v 1.167 2018/02/10 06:25:16 jsing Exp $ */
/* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */
/*-
cleanup_url_get:
#ifndef NOSSL
if (tls != NULL) {
+ if (tls_session_fd != -1)
+ dprintf(STDERR_FILENO, "tls session resumed: %s\n",
+ tls_conn_session_resumed(tls) ? "yes" : "no");
do {
i = tls_close(tls);
} while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);
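Review bot: The new "tls session resumed" diagnostic is emitted on every pass through `cleanup_url_get` where `tls != NULL` and `tls_session_fd != -1`, and that label is also the failure path, so a fetch that aborts before or during the handshake still prints a resumed yes/no answer from `tls_conn_session_resumed(tls)`, and it prints unconditionally rather than under whatever verbosity check the surrounding status output in fetch.c uses (that check is outside the hunk, so I am inferring it). If the unconditional print is intended as a way for `-S session=` users to confirm resumption works, I would say so in place with `/* always report the resumption outcome so a session file can be verified */`; otherwise it should sit behind the same condition as the other progress messages, or be skipped when the transfer did not complete. The enclosing url_get body starts well before this hunk.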
-.\" $OpenBSD: ftp.1,v 1.107 2017/01/25 07:21:18 jmc Exp $
+.\" $OpenBSD: ftp.1,v 1.108 2018/02/10 06:25:16 jsing Exp $
.\" $NetBSD: ftp.1,v 1.22 1997/08/18 10:20:22 lukem Exp $
.\"
.\" Copyright (c) 1985, 1989, 1990, 1993
.\"
.\" @(#)ftp.1 8.3 (Berkeley) 10/9/94
.\"
-.Dd $Mdocdate: January 25 2017 $
+.Dd $Mdocdate: February 10 2018 $
.Dt FTP 1
.Os
.Sh NAME
Require the server to present a valid OCSP stapling in the TLS handshake.
.It Cm noverifytime
Disable validation of certificate times and OCSP validation.
+.It Cm session Ns = Ns Ar /path/to/session
+Specify a file to use for TLS session data.
+If this file has a non-zero length, the session data will be read from this file
+and the client will attempt to resume the TLS session with the server.
+Upon completion of a successful TLS handshake this file will be updated
+with new session data, if available.
+This file will be created if it does not already exist.
.El
.Pp
By default, server certificate validation is performed, and if it fails
-/* $OpenBSD: ftp_var.h,v 1.40 2017/01/21 08:33:07 krw Exp $ */
+/* $OpenBSD: ftp_var.h,v 1.41 2018/02/10 06:25:16 jsing Exp $ */
/* $NetBSD: ftp_var.h,v 1.18 1997/08/18 10:20:25 lukem Exp $ */
/*
#ifndef NOSSL
extern struct tls_config *tls_config;
+extern int tls_session_fd;
#endif /* !NOSSL */
-/* $OpenBSD: main.c,v 1.119 2017/01/24 23:47:34 beck Exp $ */
+/* $OpenBSD: main.c,v 1.120 2018/02/10 06:25:16 jsing Exp $ */
/* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */
/*
#include <ctype.h>
#include <err.h>
+#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
#ifndef NOSSL
char * const ssl_verify_opts[] = {
-#define SSL_CAFILE 0
+#define SSL_CAFILE 0
"cafile",
-#define SSL_CAPATH 1
+#define SSL_CAPATH 1
"capath",
-#define SSL_CIPHERS 2
+#define SSL_CIPHERS 2
"ciphers",
-#define SSL_DONTVERIFY 3
+#define SSL_DONTVERIFY 3
"dont",
-#define SSL_DOVERIFY 4
+#define SSL_DOVERIFY 4
"do",
-#define SSL_VERIFYDEPTH 5
+#define SSL_VERIFYDEPTH 5
"depth",
-#define SSL_MUSTSTAPLE 6
+#define SSL_MUSTSTAPLE 6
"muststaple",
#define SSL_NOVERIFYTIME 7
"noverifytime",
+#define SSL_SESSION 8
+ "session",
NULL
};
struct tls_config *tls_config;
+int tls_session_fd = -1;
static void
process_ssl_options(char *cp)
case SSL_NOVERIFYTIME:
tls_config_insecure_noverifytime(tls_config);
break;
+ case SSL_SESSION:
+ if (str == NULL)
+ errx(1, "missing session file");
+ if ((tls_session_fd = open(str, O_RDWR|O_CREAT,
+ 0600)) == -1)
+ err(1, "failed to open or create session file "
+ "'%s'", str);
+ if (tls_config_set_session_fd(tls_config,
+ tls_session_fd) == -1)
+ errx(1, "failed to set session: %s",
+ tls_config_error(tls_config));
+ break;
default:
errx(1, "unknown -S suboption `%s'",
suboptarg ? suboptarg : "");
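Review bot: The descriptor returned by `open(str, O_RDWR|O_CREAT, 0600)` in the new `SSL_SESSION` case is stored in the global `tls_session_fd` for the rest of the process and is not close-on-exec, so it would be inherited by any child ftp spawns later, and the file it refers to holds TLS session data that permits resumption. I would open it as `if ((tls_session_fd = open(str, O_RDWR|O_CREAT|O_CLOEXEC, 0600)) == -1)`; adding `O_NOFOLLOW` would additionally stop a symlink at that path from redirecting the write, although if I recall correctly libtls validates the fd in `tls_config_set_session_fd` (regular file, owned by the caller, mode 0600), which already bounds what a redirect could reach — worth confirming against that check. Note also that the 0600 mode only applies when the file is created; a pre-existing file keeps its existing mode, so the libtls-side check rather than this open is what enforces the permission requirement. process_ssl_options continues outside the hunk.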
errx(1, "tls set ciphers failed: %s",
tls_config_error(tls_config));
}
-#endif /* !SMALL */
+#endif /* !NOSSL */
httpuseragent = NULL;