328805 - Need API for explicit setting of client session lifetimes

Status: RESOLVED DUPLICATE of bug 300163

(NSS :: Libraries, enhancement, P2)

Description

[Nelson Bolyard (seldom reads bugmail)]

Presently libSSL has two global variables that contain the default SSL2 and SSL3/TLS session lifetimes.  These variables are declared extern, but are not
exported in ssl.def, so they are inaccessible to apps that use the libSSL 
shared libraries.  

libSSL needs a supported API by which the application can get and set the 
default SSL2 and SSL3/TLS session lifetimes for the client sessions.

libSSL also needs a supported API by which the application can set the SSL2
and SSL3/TLS session lifetimes on inidividual sockets.  

Here are some thoughts on what such an API might look like.

SECStatus 
SSL_GetDefaultClientSessionLifetimes(PRUint32 *ssl2_lifetime, 
                                     PRUint32 *ssl3_lifetime);
/* set global default SSL client session target lifetimes.
 * Affects all subsequent full SSL handshakes on sockets that 
 * have not set  socket-specific lifetime targets.
 */
SECStatus
SSL_SetDefaultClientSessionLifetimes(PRUint32 ssl2_lifetime, 
                                     PRUint32 ssl3_lifetime);

SECStatus 
SSL_GetSocketClientSessionLifetimes(PRUint32 *ssl2_lifetime, 
                                    PRUint32 *ssl3_lifetime);

/*Set target lifetimes before doing handshake */
SECStatus 
SSL_SetSocketClientSessionLifetimes(PRUint32 ssl2_lifetime, 
                                    PRUint32 ssl3_lifetime);

/* Get actual session lifetime, after handshake */
SECStatus SSL_GetSocketSessionLifetime(PRUint32 *_lifetime);


Comments invited.

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

Unsetting target milestone in unresolved bugs whose targets have passed.