diff options
| author |  Nikos Mavrogiannopoulos
| 2010-06-27 19:55:53 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos
| 2010-06-27 19:55:53 +0200 |
| commit | 0c8fdb63e6dc3116929f6d0c3e746ed6fb29db28 (patch) | |
| tree | 66bec257ee7fb4660072ef25661e0ff648d3a51e /src | |
| parent | a266f459657af99c3633af255f37d71a480c63ae (diff) | |
Added support for session tickets.
Diffstat (limited to 'src')
| -rw-r--r-- | src/gnutls_hooks.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 9ebf771..4155158 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c | |||
| @@ -33,6 +33,7 @@ static apr_file_t *debug_log_fp; | |||
| 33 | #endif | 33 | #endif |
| 34 | 34 | ||
| 35 | static int mpm_is_threaded; | 35 | static int mpm_is_threaded; |
| 36 | static gnutls_datum session_ticket_key = { NULL, 0 }; | ||
| 36 | 37 | ||
| 37 | static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt); | 38 | static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt); |
| 38 | /* use side==0 for server and side==1 for client */ | 39 | /* use side==0 for server and side==1 for client */ |
| @@ -97,6 +98,11 @@ int ret; | |||
| 97 | _gnutls_log(debug_log_fp, "gnutls_global_init: %s\n", gnutls_strerror(ret)); | 98 | _gnutls_log(debug_log_fp, "gnutls_global_init: %s\n", gnutls_strerror(ret)); |
| 98 | return -3; | 99 | return -3; |
| 99 | } | 100 | } |
| 101 | |||
| 102 | ret = gnutls_session_ticket_key_generate( &session_ticket_key); | ||
| 103 | if (ret < 0) { | ||
| 104 | _gnutls_log(debug_log_fp, "gnutls_session_ticket_key_generate: %s\n", gnutls_strerror(ret)); | ||
| 105 | } | ||
| 100 | 106 | ||
| 101 | apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config, | 107 | apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config, |
| 102 | apr_pool_cleanup_null); | 108 | apr_pool_cleanup_null); |
| @@ -144,7 +150,7 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session) | |||
| 144 | /* update the priorities - to avoid negotiating a ciphersuite that is not | 150 | /* update the priorities - to avoid negotiating a ciphersuite that is not |
| 145 | * enabled on this virtual server. Note that here we ignore the version | 151 | * enabled on this virtual server. Note that here we ignore the version |
| 146 | * negotiation. | 152 | * negotiation. |
| 147 | */ | 153 | */ |
| 148 | ret = gnutls_priority_set(session, ctxt->sc->priorities); | 154 | ret = gnutls_priority_set(session, ctxt->sc->priorities); |
| 149 | /* actually it shouldn't fail since we have checked at startup */ | 155 | /* actually it shouldn't fail since we have checked at startup */ |
| 150 | if (ret < 0) | 156 | if (ret < 0) |
| @@ -658,6 +664,8 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c) | |||
| 658 | ctxt->output_length = 0; | 664 | ctxt->output_length = 0; |
| 659 | 665 | ||
| 660 | gnutls_init(&ctxt->session, GNUTLS_SERVER); | 666 | gnutls_init(&ctxt->session, GNUTLS_SERVER); |
| 667 | if (session_ticket_key.data != NULL) | ||
| 668 | gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key); | ||
| 661 | 669 | ||
| 662 | /* because we don't set any default priorities here (we set later at | 670 | /* because we don't set any default priorities here (we set later at |
| 663 | * the user hello callback) we need to at least set this in order for | 671 | * the user hello callback) we need to at least set this in order for |