openssl/ssl
Benjamin Kaduk 3be08e3011 Provide SSL_CTX.stats.sess_accept for switched ctxs
We currently increment the SSL_CTX stats.sess_accept field in
tls_setup_handshake(), which is invoked from the state machine well
before ClientHello processing would have had a chance to switch
the SSL_CTX attached to the SSL object due to a provided SNI value.
However, stats.sess_accept_good is incremented in tls_finish_handshake(),
and uses the s->ctx.stats field (i.e., the new SSL_CTX that was switched
to as a result of SNI processing).  This leads to the confusing
(nonsensical) situation where stats.sess_accept_good is larger than
stats.sess_accept, as the "sess_accept" value was counted on the
s->session_ctx.

In order to provide some more useful numbers, increment
s->ctx.stats.sess_accept after SNI processing if the SNI processing
changed s->ctx to differ from s->session_ctx.  To preserve the
property that any given accept is counted only once, make the
corresponding decrement to s->session_ctx.stats.sess_accept when
doing so.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4549)
2017-10-30 10:21:10 -05:00
..
record Remove parentheses of return. 2017-10-18 16:05:06 +01:00
statem Provide SSL_CTX.stats.sess_accept for switched ctxs 2017-10-30 10:21:10 -05:00
bio_ssl.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
build.info
d1_lib.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet_locl.h TLS1.3 Padding 2017-05-02 09:44:43 +01:00
packet.c Move ossl_assert 2017-08-03 10:48:00 +01:00
pqueue.c Update copyright header 2017-07-30 17:42:00 -04:00
s3_cbc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_enc.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
s3_lib.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
s3_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_asn1.c Send and receive the ticket_nonce field in a NewSessionTicket 2017-07-07 15:02:09 +01:00
ssl_cert_table.h Add RSA-PSS key certificate type. 2017-09-20 12:50:23 +01:00
ssl_cert.c Simplify the stack reservation 2017-10-26 14:34:35 -04:00
ssl_ciph.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_conf.c e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
ssl_err.c Session resume broken switching contexts 2017-10-04 10:21:08 +10:00
ssl_init.c Implement Aria GCM/CCM Modes and TLS cipher suites 2017-08-30 12:33:53 +02:00
ssl_lib.c Use atomics for SSL_CTX statistics 2017-10-30 10:18:09 -05:00
ssl_locl.h Move supportedgroup ext-block fields out of NO_EC 2017-10-11 08:25:40 -05:00
ssl_mcnf.c
ssl_rsa.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_sess.c Use atomics for SSL_CTX statistics 2017-10-30 10:18:09 -05:00
ssl_stat.c Fix errors in SSL_state_string_long 2017-07-31 08:55:37 -04:00
ssl_txt.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_utst.c
t1_enc.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
t1_lib.c Various clean-ups 2017-10-20 22:58:46 -04:00
t1_trce.c SSL Trace improvements 2017-09-10 23:33:37 -04:00
tls13_enc.c Make sure we use the correct cipher when using the early_secret 2017-08-31 15:02:58 +01:00
tls_srp.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00