
gnutls: disable TLS session tickets

SSL session reuse with TLS session tickets is not supported yet.
Use SSL session IDs instead.

Fixes https://github.com/curl/curl/issues/1109
Michael Kaufmann 2017-01-28 20:06:31 +01:00
parent bcca842e0d
commit 511674ab27


@ -380,6 +380,7 @@ gtls_connect_step1(struct connectdata *conn,
int sockindex) int sockindex)
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
unsigned int init_flags;
gnutls_session_t session; gnutls_session_t session;
int rc; int rc;
bool sni = TRUE; /* default is SNI enabled */ bool sni = TRUE; /* default is SNI enabled */
@ -526,7 +527,14 @@ gtls_connect_step1(struct connectdata *conn,
} }
/* Initialize TLS session as a client */ /* Initialize TLS session as a client */
rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT); init_flags = GNUTLS_CLIENT;
#if defined(GNUTLS_NO_TICKETS)
/* Disable TLS session tickets */
init_flags |= GNUTLS_NO_TICKETS;
#endif
rc = gnutls_init(&conn->ssl[sockindex].session, init_flags);
if(rc != GNUTLS_E_SUCCESS) { if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_init() failed: %d", rc); failf(data, "gnutls_init() failed: %d", rc);
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
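Review bot: The comment above `init_flags |= GNUTLS_NO_TICKETS;` says what the line does but not why; the reason (ticket-based session reuse is not supported yet, so session IDs are used) is only in the commit message. I would put it in the code, e.g. `/* Disable TLS session tickets: reuse via tickets is not supported yet, session IDs are used instead */`, so the flag is not dropped later as an unexplained restriction. The `#if defined(GNUTLS_NO_TICKETS)` guard also means a build against headers without that macro skips the flag silently. Whether tickets are off by default in that case cannot be seen from this hunk, so a one-line comment stating the expected behaviour there would help. The body of gtls_connect_step1 starts before and continues after the lines shown.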