Added option to turn on/off session tickets.

3 files changed, 21 insertions, 1 deletions

diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index d75e785..ca26a2d 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -285,6 +285,22 @@ const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
     return NULL;
 }
 
+const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
+                                     const char *arg)
+{
+    mgs_srvconf_rec *sc =
+        (mgs_srvconf_rec *) ap_get_module_config(parms->server->
+                                                 module_config,
+                                                 &gnutls_module);
+
+    sc->tickets = 0;
+    if (strcasecmp("on", arg) == 0) {
+        sc->tickets = 1;
+    }
+
+    return NULL;
+}
+
 
 #ifdef ENABLE_SRP
 
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 2130cb0..032e6f3 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -673,7 +673,7 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c)
     ctxt->output_length = 0;
 
     gnutls_init(&ctxt->session, GNUTLS_SERVER);
-    if (session_ticket_key.data != NULL)
+    if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0)
         gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key);
 
     /* because we don't set any default priorities here (we set later at
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 08e7dba..c95d183 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -121,6 +121,10 @@ static const command_rec mgs_config_cmds[] = {
                   NULL,
                   RSRC_CONF,
                   "Cache Configuration"),
+    AP_INIT_TAKE1("GnuTLSSessionTickets", mgs_set_tickets,
+                  NULL,
+                  RSRC_CONF,
+                  "Session Tickets Configuration"),
     AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
                   NULL,
                   RSRC_CONF,