Hi cxdinter,
During TLS communication, sometimes we need to resume a session, but how can we know whether the current session is invalid or not?
The way this is accomplished is by calling wolfSSL_get_session on the ssl object. This will return a WOLFSSL_SESSION*, effectively saving the session. Then the next time you need to resume a session, you would call wolfSSL_set_session with the ssl object and the saved session to resume the session. If an error code is returned, that would serve as the validity check you mentioned.
The APIs are:
/* returns a WOLFSSL_SESSION object on success or NULL on failure */
WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
/* returns SSL_SUCCESS on success or SSL_FAILURE on failure */
int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session);
Those APIs wrap the internal APIs "GetSession" and "SetSession" that are not exposed for external linking. Example code to look at would be in <wolfssl-root>/src/internal.c, the function "ProcessOldClientHello". When we are doing a resume session internally, we use the internal APIs "GetSession" and "SetSession"; you would use a similar process but call the API wrapper functions "wolfSSL_get_session" and "wolfSSL_set_session" instead.
Let us know if you have any other questions!
Warm Regards,
Kaleb
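
An added sketch of the client-side flow described in the reply above (not wolfSSL's or the poster's code): offer the saved session, fall back to a full handshake when it is rejected, and confirm whether resumption really happened. The names tls_ops, hs_result, connect_with_resume, fake_conn and demo are hypothetical; wolfSSL_connect and wolfSSL_session_reused are wolfSSL calls the post does not mention, and the fake connection is constructed so the logic runs offline.

```c
#include <stddef.h>

/* Hypothetical callback table: in a real client each member is a thin wrapper
 * around the wolfSSL call named beside it; 1 is SSL_SUCCESS, 0 is SSL_FAILURE. */
typedef struct {
    int   (*set_session)(void *ssl, void *session); /* wolfSSL_set_session    */
    int   (*connect)(void *ssl);                    /* wolfSSL_connect        */
    int   (*reused)(void *ssl);                     /* wolfSSL_session_reused */
    void *(*get_session)(void *ssl);                /* wolfSSL_get_session    */
} tls_ops;

typedef enum { HS_FAILED, HS_FULL, HS_RESUMED, HS_RESUME_DECLINED } hs_result;

/* Offer *saved if there is one. A failure from set_session means the saved
 * session is not usable, so it is dropped and a full handshake runs instead.
 * After a successful connect, *saved is refreshed for the next connection. */
hs_result connect_with_resume(const tls_ops *ops, void *ssl, void **saved)
{
    int offered = 0;
    if (*saved != NULL) {
        if (ops->set_session(ssl, *saved) == 1)
            offered = 1;
        else
            *saved = NULL;          /* invalid session: stop offering it */
    }
    if (ops->connect(ssl) != 1)
        return HS_FAILED;
    /* set_session succeeding does not prove resumption: the server may have
     * discarded the session and negotiated a full handshake instead. */
    int resumed = offered && ops->reused(ssl);
    *saved = ops->get_session(ssl); /* may be NULL; next connect is then full */
    if (resumed)
        return HS_RESUMED;
    return offered ? HS_RESUME_DECLINED : HS_FULL;
}

/* Constructed stand-in for a connection, used to exercise the logic offline. */
typedef struct { int session_valid, server_resumes, offered; } fake_conn;
static int f_set(void *s, void *x) { (void)x; fake_conn *c = s; c->offered = c->session_valid; return c->offered; }
static int f_connect(void *s) { (void)s; return 1; }
static int f_reused(void *s) { fake_conn *c = s; return c->offered && c->server_resumes; }
static void *f_get(void *s) { return s; }
static const tls_ops fake_ops = { f_set, f_connect, f_reused, f_get };

/* Runs one connection attempt against the fake and reports the outcome. */
hs_result demo(int have_saved, int session_valid, int server_resumes)
{
    fake_conn c = { session_valid, server_resumes, 0 };
    int token = 0;
    void *saved = have_saved ? &token : NULL;
    return connect_with_resume(&fake_ops, &c, &saved);
}
int main(void) { return demo(1, 1, 0) == HS_RESUME_DECLINED ? 0 : 1; }
```

HS_RESUME_DECLINED is the case worth logging: the saved session was accepted locally but the server still performed a full handshake.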