author | Nikos Mavrogiannopoulos | 2010-07-01 03:09:56 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos | 2010-07-01 03:09:56 +0200 |
commit | ae233c2446cd31680dd53616ab8882427e861ebc (patch) | |
tree | 681d5b28d283c5ea2d8248d16d5ce23dc27df165 | |
parent | 7b3e5de119e3a435c062d48295a227a3ff673f24 (diff) |
Added option to turn on/off session tickets.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | include/mod_gnutls.h.in | 3 | ||||
-rw-r--r-- | src/gnutls_config.c | 16 | ||||
-rw-r--r-- | src/gnutls_hooks.c | 2 | ||||
-rw-r--r-- | src/mod_gnutls.c | 4 |
5 files changed, 26 insertions, 2 deletions
@@ -8,7 +8,8 @@ | |||
8 | - Added support for session tickets. This allows a | 8 | - Added support for session tickets. This allows a |
9 | server to avoid using a session cache and still support | 9 | server to avoid using a session cache and still support |
10 | session resumption. This is at the cost of transporting | 10 | session resumption. This is at the cost of transporting |
11 | session data during handshake. | 11 | session data during handshake. New option |
12 | GnuTLSSessionTickets [on|off] | ||
12 | 13 | ||
13 | - Depend on gnutls 2.10.0 to force support for safe | 14 | - Depend on gnutls 2.10.0 to force support for safe |
14 | renegotiation. | 15 | renegotiation. |
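--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -109,6 +109,7 @@ typedef struct
 unsigned int ca_list_size;
 int client_verify_mode;
 apr_time_t last_cache_check;
+int tickets; /* whether session tickets are allowed */
 } mgs_srvconf_rec;
 
 typedef struct {
@@ -280,6 +281,8 @@ const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy,
 const char *arg);
 const char *mgs_set_priorities(cmd_parms * parms, void *dummy,
 const char *arg);
+const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
+const char *arg);
 
 const char *mgs_set_require_section(cmd_parms *cmd,
 void *mconfig, const char *arg);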
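--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -285,6 +285,22 @@ const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
 return NULL;
 }
 
+const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
+const char *arg)
+{
+mgs_srvconf_rec *sc =
+(mgs_srvconf_rec *) ap_get_module_config(parms->server->
+module_config,
+&gnutls_module);
+
+sc->tickets = 0;
+if (strcasecmp("on", arg) == 0) {
+sc->tickets = 1;
+}
+
+return NULL;
+}
+
 
 #ifdef ENABLE_SRP
 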
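Review bot: In `mgs_set_tickets`, every argument other than `on` is silently stored as off, so a value such as `yes`, `1` or a misspelling disables session tickets with no message at startup. A directive that changes TLS resumption behaviour should reject what it does not recognise, for example by adding `else if (strcasecmp("off", arg) != 0) return "GnuTLSSessionTickets must be set to 'on' or 'off'";` after the `on` branch. A short comment above the function naming the accepted values and the field it writes (`sc->tickets`) would also help the next reader.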
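--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -673,7 +673,7 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c)
 ctxt->output_length = 0;
 
 gnutls_init(&ctxt->session, GNUTLS_SERVER);
-if (session_ticket_key.data != NULL)
+if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0)
 gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key);
 
 /* because we don't set any default priorities here (we set later at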
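Review bot: The new test `ctxt->sc->tickets != 0` reads a field that no hunk in this commit initialises, so its value when `GnuTLSSessionTickets` is absent depends on how `mgs_srvconf_rec` is allocated elsewhere. If the record is zero-filled, tickets are now off by default, whereas the parent commit enabled them whenever `session_ticket_key.data` was set; if it is not zero-filled, the read is indeterminate. Setting the intended default explicitly where the server config is created (e.g. `sc->tickets = 1;` or `0`) and stating it in NEWS would settle this. The result of `gnutls_session_ticket_enable_server` is also unchecked, so a failure quietly leaves tickets disabled; `create_gnutls_handle` begins and ends outside this hunk.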
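--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -121,6 +121,10 @@ static const command_rec mgs_config_cmds[] = {
 NULL,
 RSRC_CONF,
 "Cache Configuration"),
+AP_INIT_TAKE1("GnuTLSSessionTickets", mgs_set_tickets,
+NULL,
+RSRC_CONF,
+"Session Tickets Configuration"),
 AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
 NULL,
 RSRC_CONF,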
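Review bot: The help text `"Session Tickets Configuration"` on the new `GnuTLSSessionTickets` entry does not say which values are accepted or what the default is; wording such as `"Enable or disable TLS session tickets: 'on' or 'off'"` would serve an administrator better. Because the directive is a plain on/off switch, registering it with `AP_INIT_FLAG` and an `int` handler argument would let the server core validate the value instead of the hand-written `strcasecmp` in `mgs_set_tickets`. The `mgs_config_cmds` array begins and ends outside this hunk.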