From ae233c2446cd31680dd53616ab8882427e861ebc Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Thu, 1 Jul 2010 03:09:56 +0200
Subject: Added option to turn on/off session tickets.
---
 src/gnutls_config.c | 16 ++++++++++++++++
 src/gnutls_hooks.c | 2 +-
 src/mod_gnutls.c | 4 ++++
 3 files changed, 21 insertions(+), 1 deletion(-) (limited to 'src')
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index d75e785..ca26a2d 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -285,6 +285,22 @@ const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
 return NULL;
 }
+const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
+ const char *arg)
+{
+ mgs_srvconf_rec *sc =
+ (mgs_srvconf_rec *) ap_get_module_config(parms->server->
+ module_config,
+ &gnutls_module);
+
+ sc->tickets = 0;
+ if (strcasecmp("on", arg) == 0) {
+ sc->tickets = 1;
+ }
+
+ return NULL;
+}
+
 #ifdef ENABLE_SRP
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 2130cb0..032e6f3 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -673,7 +673,7 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c)
 ctxt->output_length = 0;
 gnutls_init(&ctxt->session, GNUTLS_SERVER);
- if (session_ticket_key.data != NULL)
+ if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0)
 gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key);
 /* because we don't set any default priorities here (we set later at
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 08e7dba..c95d183 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -121,6 +121,10 @@ static const command_rec mgs_config_cmds[] = {
 NULL,
 RSRC_CONF,
 "Cache Configuration"),
+ AP_INIT_TAKE1("GnuTLSSessionTickets", mgs_set_tickets,
+ NULL,
+ RSRC_CONF,
+ "Session Tickets Configuration"),
 AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
 NULL,
 RSRC_CONF,
-- cgit
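Review bot: In `mgs_set_tickets` (src/gnutls_config.c), every argument other than `on` silently ends up as `sc->tickets = 0`, so a misspelt or unexpected value such as `yes` is accepted at startup and turns tickets off with no diagnostic. The handler should accept only `on` and `off` and return an error string for anything else, so that httpd refuses the configuration instead of guessing. Assigning the field only after the value has been recognised also removes the unconditional write of 0. A short comment above the function naming the directive and its accepted values is missing as well; the error text below is a suggested wording.

```c
const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
                            const char *arg)
{
    /* … unchanged: sc lookup via ap_get_module_config … */

    if (strcasecmp("on", arg) == 0) {
        sc->tickets = 1;
    } else if (strcasecmp("off", arg) == 0) {
        sc->tickets = 0;
    } else {
        return "GnuTLSSessionTickets must be set to 'On' or 'Off'";
    }

    /* … unchanged: return NULL … */
```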
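Review bot: The added `ctxt->sc->tickets != 0` test in `create_gnutls_handle` (src/gnutls_hooks.c) relies on a default for `tickets` that is not set anywhere in the visible diff. If the server record is zero-filled, this change turns session tickets off for every existing installation that does not add the directive, whereas before they were enabled whenever a ticket key existed. The test also runs when the handle is created, and the assignment of `ctxt->sc` is outside this hunk. If it points at the connection's base server, a `GnuTLSSessionTickets` value set in a name-based virtual host would presumably never be consulted, although `RSRC_CONF` allows the directive there. A comment at the test stating the intended default and scope would settle both, and the two-line `if` body would be safer in braces.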
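Review bot: The help string `"Session Tickets Configuration"` registered for `GnuTLSSessionTickets` in `mgs_config_cmds` (src/mod_gnutls.c) does not tell the administrator which values the directive takes, and this is the text httpd prints when the directive is used incorrectly. Something like `"Enable or disable TLS session tickets (On|Off)"` would document the accepted values at the point of registration. The table's opening and closing lines are outside the hunk.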