author | Nikos Mavrogiannopoulos | 2010-06-27 19:55:53 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos | 2010-06-27 19:55:53 +0200 |
commit | 0c8fdb63e6dc3116929f6d0c3e746ed6fb29db28 (patch) | |
tree | 66bec257ee7fb4660072ef25661e0ff648d3a51e /src | |
parent | a266f459657af99c3633af255f37d71a480c63ae (diff) |
Added support for session tickets.
Diffstat (limited to 'src')
-rw-r--r-- | src/gnutls_hooks.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 9ebf771..4155158 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c | |||
@@ -33,6 +33,7 @@ static apr_file_t *debug_log_fp; | |||
33 | #endif | 33 | #endif |
34 | 34 | ||
35 | static int mpm_is_threaded; | 35 | static int mpm_is_threaded; |
36 | static gnutls_datum session_ticket_key = { NULL, 0 }; | ||
36 | 37 | ||
37 | static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt); | 38 | static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt); |
38 | /* use side==0 for server and side==1 for client */ | 39 | /* use side==0 for server and side==1 for client */ |
@@ -97,6 +98,11 @@ int ret; | |||
97 | _gnutls_log(debug_log_fp, "gnutls_global_init: %s\n", gnutls_strerror(ret)); | 98 | _gnutls_log(debug_log_fp, "gnutls_global_init: %s\n", gnutls_strerror(ret)); |
98 | return -3; | 99 | return -3; |
99 | } | 100 | } |
101 | |||
102 | ret = gnutls_session_ticket_key_generate( &session_ticket_key); | ||
103 | if (ret < 0) { | ||
104 | _gnutls_log(debug_log_fp, "gnutls_session_ticket_key_generate: %s\n", gnutls_strerror(ret)); | ||
105 | } | ||
100 | 106 | ||
101 | apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config, | 107 | apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config, |
102 | apr_pool_cleanup_null); | 108 | apr_pool_cleanup_null); |
@@ -144,7 +150,7 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session) | |||
144 | /* update the priorities - to avoid negotiating a ciphersuite that is not | 150 | /* update the priorities - to avoid negotiating a ciphersuite that is not |
145 | * enabled on this virtual server. Note that here we ignore the version | 151 | * enabled on this virtual server. Note that here we ignore the version |
146 | * negotiation. | 152 | * negotiation. |
147 | */ | 153 | */ |
148 | ret = gnutls_priority_set(session, ctxt->sc->priorities); | 154 | ret = gnutls_priority_set(session, ctxt->sc->priorities); |
149 | /* actually it shouldn't fail since we have checked at startup */ | 155 | /* actually it shouldn't fail since we have checked at startup */ |
150 | if (ret < 0) | 156 | if (ret < 0) |
@@ -658,6 +664,8 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c) | |||
658 | ctxt->output_length = 0; | 664 | ctxt->output_length = 0; |
659 | 665 | ||
660 | gnutls_init(&ctxt->session, GNUTLS_SERVER); | 666 | gnutls_init(&ctxt->session, GNUTLS_SERVER); |
667 | if (session_ticket_key.data != NULL) | ||
668 | gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key); | ||
661 | 669 | ||
662 | /* because we don't set any default priorities here (we set later at | 670 | /* because we don't set any default priorities here (we set later at |
663 | * the user hello callback) we need to at least set this in order for | 671 | * the user hello callback) we need to at least set this in order for |
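Review bot: The key created by `gnutls_session_ticket_key_generate` in the pre-config hunk (new line 102) is one static for the whole server that is never rotated and, in the lines shown, never wiped or released, so every ticket issued until the next restart depends on it and its disclosure would expose the session state of all of them, weakening forward secrecy for resumed sessions. Consider a lifetime bound for the key and releasing it in the cleanup registered right below, e.g. clearing the buffer and then `gnutls_free(session_ticket_key.data); session_ticket_key.data = NULL;`; whether `mgs_cleanup_pre_config` already does something similar is not visible here. In `create_gnutls_handle` (new line 668) tickets are enabled for every connection with the same key regardless of virtual host, and the result of `gnutls_session_ticket_enable_server` is dropped; a per-server on/off directive and a logged failure would help, and a comment such as `/* one ticket key is shared by all virtual hosts */` would document the trade-off. Both functions start and end outside the hunks.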