Added option to turn on/off session tickets.

author: Nikos Mavrogiannopoulos 2010-07-01 03:09:56 +0200
committer: Nikos Mavrogiannopoulos 2010-07-01 03:09:56 +0200
commit: 36c02797b672ed5ed937c798bd97aeeb7394f038 (patch)
tree: 681d5b28d283c5ea2d8248d16d5ce23dc27df165
parent: 47e0ccc66d3ed9112140ae9ec75394d7fa4bf5e1 (diff)
5 files changed, 26 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index d7bb44f..d5b68b6 100644
--- a/NEWS
+++ b/NEWS
@@ -8,7 +8,8 @@
 - Added support for session tickets. This allows a
  server to avoid using a session cache and still support
  session resumption. This is at the cost of transporting
-  session data during handshake.
+  session data during handshake. New option
+  GnuTLSSessionTickets [on|off]
 - Depend on gnutls 2.10.0 to force support for safe
  renegotiation.
diff --git a/include/mod_gnutls.h.in b/include/mod_gnutls.h.in
index 40d0c40..5bb8514 100644
--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -109,6 +109,7 @@ typedef struct
    unsigned int ca_list_size;
    int client_verify_mode;
    apr_time_t last_cache_check;
+    int tickets; /* whether session tickets are allowed */
 } mgs_srvconf_rec;
 typedef struct {
@@ -280,6 +281,8 @@ const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy,
                            const char *arg);
 const char *mgs_set_priorities(cmd_parms * parms, void *dummy,
                            const char *arg);
+const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
+                            const char *arg);
                            
 const char *mgs_set_require_section(cmd_parms *cmd, 
                                    void *mconfig, const char *arg);
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index d75e785..ca26a2d 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -285,6 +285,22 @@ const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
    return NULL;
 }
+const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
+                                     const char *arg)
+{
+    mgs_srvconf_rec *sc =
+        (mgs_srvconf_rec *) ap_get_module_config(parms->server->
+                                                 module_config,
+                                                 &gnutls_module);
+    sc->tickets = 0;
+    if (strcasecmp("on", arg) == 0) {
+        sc->tickets = 1;
+    }
+    return NULL;
+}
 #ifdef ENABLE_SRP
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 2130cb0..032e6f3 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -673,7 +673,7 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c)
    ctxt->output_length = 0;
    gnutls_init(&ctxt->session, GNUTLS_SERVER);
-    if (session_ticket_key.data != NULL)
+    if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0)
        gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key);
    /* because we don't set any default priorities here (we set later at
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 08e7dba..c95d183 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -121,6 +121,10 @@ static const command_rec mgs_config_cmds[] = {
                  NULL,
                  RSRC_CONF,
                  "Cache Configuration"),
+    AP_INIT_TAKE1("GnuTLSSessionTickets", mgs_set_tickets,
+                  NULL,
+                  RSRC_CONF,
+                  "Session Tickets Configuration"),
    AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
                  NULL,
                  RSRC_CONF,
author	Nikos Mavrogiannopoulos	2010-07-01 03:09:56 +0200
committer	Nikos Mavrogiannopoulos	2010-07-01 03:09:56 +0200
commit	36c02797b672ed5ed937c798bd97aeeb7394f038 (patch)
tree	681d5b28d283c5ea2d8248d16d5ce23dc27df165
parent	47e0ccc66d3ed9112140ae9ec75394d7fa4bf5e1 (diff)