authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-03-05 14:46:19 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-03-05 14:46:19 +0100
commitd9ce82a4ce690857f828e6c434718c2a85bfbab0 (patch)
treeb9b151b96ccd81e68a1124f2c2d9d48cb13354c8
parent70ea3b701bf80847903bbf3d2f010cfbf55410ba (diff)
downloadgnutls-d9ce82a4ce690857f828e6c434718c2a85bfbab0.tar.gz
session tickets can be disabled
-rw-r--r--configure.ac1
-rw-r--r--lib/ext/session_ticket.c4
-rw-r--r--lib/gnutls_extensions.c2
-rw-r--r--lib/gnutls_handshake.c7
-rw-r--r--lib/gnutls_state.c2
-rw-r--r--m4/hooks.m415
-rw-r--r--src/serv.c4
7 files changed, 34 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index e463b5f2bf..6d4ce0227d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -781,6 +781,7 @@ if features are disabled)
DTLS-SRTP support: $ac_enable_srtp
ALPN support: $ac_enable_alpn
OCSP support: $ac_enable_ocsp
+ Ses. ticket support: $ac_enable_session_tickets
OpenPGP support: $ac_enable_openpgp
SRP support: $ac_enable_srp
PSK support: $ac_enable_psk
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 6ce23efb84..35bad36f12 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -34,6 +34,8 @@
#include <gnutls_extensions.h>
#include <gnutls_constate.h>
+#ifdef ENABLE_SESSION_TICKETS
+
#define KEY_NAME_SIZE SESSION_TICKET_KEY_NAME_SIZE
#define KEY_SIZE SESSION_TICKET_KEY_SIZE
#define IV_SIZE 12 /* GCM */
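Review bot: The guard that opens here and closes at the end of the file compiles out everything in session_ticket.c, and that appears to include the public entry points, not just the internal handshake helpers. The other hunks of this commit have to wrap calls to `gnutls_session_ticket_enable_client`, `gnutls_session_ticket_enable_server` and `gnutls_session_ticket_key_generate` in the same `#ifdef`, which suggests those functions are defined inside the guarded region. If so, a library configured with `--disable-session-tickets` no longer exports them, and applications that call them would fail to link or load instead of getting an error code. Keeping the public functions outside the guard, with an `#else` branch that defines each as a stub doing `return GNUTLS_E_UNIMPLEMENTED_FEATURE;`, would keep the exported interface stable across both build configurations.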
@@ -696,3 +698,5 @@ int _gnutls_recv_new_session_ticket(gnutls_session_t session)
return ret;
}
+
+#endif
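Review bot: The closing `#endif` sits several hundred lines below the `#ifdef` it matches (the hunk offsets are 34 and 696) and carries no label. Writing it as `#endif /* ENABLE_SESSION_TICKETS */` makes it clear to a reader at the bottom of the file that the whole body is conditional.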
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 3d32b6a0ae..013df19a8a 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -340,9 +340,11 @@ int _gnutls_ext_init(void)
return ret;
#endif
+#ifdef ENABLE_SESSION_TICKETS
ret = _gnutls_ext_register(&ext_mod_session_ticket);
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#endif
ret = _gnutls_ext_register(&ext_mod_supported_ecc);
if (ret != GNUTLS_E_SUCCESS)
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index a94406d1c9..1331d92220 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2781,18 +2781,22 @@ static int _gnutls_handshake_client(gnutls_session_t session)
if (session->internals.resumed == RESUME_FALSE) {
ret = _gnutls_send_handshake_final(session, TRUE);
IMED_RET("send handshake final 2", ret, 1);
+#ifdef ENABLE_SESSION_TICKETS
} else {
ret = _gnutls_recv_new_session_ticket(session);
IMED_RET("recv handshake new session ticket", ret,
1);
+#endif
}
case STATE16:
STATE = STATE16;
if (session->internals.resumed == RESUME_FALSE) {
+#ifdef ENABLE_SESSION_TICKETS
ret = _gnutls_recv_new_session_ticket(session);
IMED_RET("recv handshake new session ticket", ret,
1);
+#endif
} else {
ret = _gnutls_recv_handshake_final(session, TRUE);
IMED_RET("recv handshake final", ret, 1);
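Review bot: The `#ifdef ENABLE_SESSION_TICKETS` placed at `} else {` splits an if/else across a preprocessor boundary, and in the `STATE16` branch it leaves an empty `if` body when the feature is off, which is easy to break in a later edit of the handshake state machine. A cleaner shape keeps the state machine unconditional and lets the header supply a no-op when tickets are disabled, e.g. `#define _gnutls_recv_new_session_ticket(session) 0` under `#ifndef ENABLE_SESSION_TICKETS`, assuming the real function already returns 0 when no ticket is expected (not visible here). The same applies to the `case STATE13:` guard in `_gnutls_handshake_server` in the next hunk, where the label now falls straight through to `STATE14` in a disabled build and deserves a `/* fall through */` comment. Both functions begin and end outside these hunks.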
@@ -3153,12 +3157,13 @@ static int _gnutls_handshake_server(gnutls_session_t session)
}
case STATE13:
+#ifdef ENABLE_SESSION_TICKETS
ret =
_gnutls_send_new_session_ticket(session,
AGAIN(STATE13));
STATE = STATE13;
IMED_RET("send handshake new session ticket", ret, 0);
-
+#endif
case STATE14:
STATE = STATE14;
if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 1db5a48e8b..b9cbc3af86 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -403,7 +403,9 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
/* Enable useful extensions */
if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
+#ifdef ENABLE_SESSION_TICKETS
gnutls_session_ticket_enable_client(*session);
+#endif
#ifdef ENABLE_OCSP
gnutls_ocsp_status_request_enable_client(*session, NULL, 0,
NULL);
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 4340e0db19..ab0a3d05ea 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -300,6 +300,21 @@ AC_MSG_ERROR([[
fi
AM_CONDITIONAL(ENABLE_OCSP, test "$ac_enable_ocsp" != "no")
+ AC_MSG_CHECKING([whether to disable session tickets support])
+ AC_ARG_ENABLE(session-tickets,
+ AS_HELP_STRING([--disable-session-tickets],
+ [disable session tickets support]),
+ ac_enable_session_tickets=no)
+ if test x$ac_enable_session_tickets != xno; then
+ ac_enable_session_tickets=yes
+ AC_MSG_RESULT(no)
+ AC_DEFINE([ENABLE_SESSION_TICKETS], 1, [enable session tickets support])
+ else
+ ac_full=0
+ AC_MSG_RESULT(yes)
+ fi
+ AM_CONDITIONAL(ENABLE_SESSION_TICKETS, test "$ac_enable_session_tickets" != "no")
+
# For storing integers in pointers without warnings
# http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html#desc
AC_CHECK_SIZEOF(void *)
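Review bot: The third argument of `AC_ARG_ENABLE` is the action-if-given, which runs for `--enable-session-tickets` as well as `--disable-session-tickets`, so an explicit `--enable-session-tickets` sets `ac_enable_session_tickets=no` here and produces a build without ticket support. Using the supplied value avoids that: `ac_enable_session_tickets=$enableval, ac_enable_session_tickets=yes)`. The comparison is also safer quoted, as `test "x$ac_enable_session_tickets" != "xno"`. Packagers can confirm what was actually selected from the "Ses. ticket support" line that the configure.ac hunk adds to the summary.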
diff --git a/src/serv.c b/src/serv.c
index c3e33ae529..5b446493d3 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -348,9 +348,11 @@ gnutls_session_t initialize_session(int dtls)
gnutls_db_set_ptr(session, NULL);
}
+#ifdef ENABLE_SESSION_TICKETS
if (noticket == 0)
gnutls_session_ticket_enable_server(session,
&session_ticket_key);
+#endif
if (gnutls_priority_set_direct(session, priorities, &err) < 0) {
fprintf(stderr, "Syntax error at: %s\n", err);
@@ -1153,8 +1155,10 @@ int main(int argc, char **argv)
/* gnutls_anon_set_server_dh_params(dh_cred, dh_params); */
#endif
+#ifdef ENABLE_SESSION_TICKETS
if (noticket == 0)
gnutls_session_ticket_key_generate(&session_ticket_key);
+#endif
if (HAVE_OPT(MTU))
mtu = OPT_VALUE_MTU;