author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-03-05 14:46:19 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-03-05 14:46:19 +0100 |
commit | d9ce82a4ce690857f828e6c434718c2a85bfbab0 (patch) | |
tree | b9b151b96ccd81e68a1124f2c2d9d48cb13354c8 | |
parent | 70ea3b701bf80847903bbf3d2f010cfbf55410ba (diff) | |
download | gnutls-d9ce82a4ce690857f828e6c434718c2a85bfbab0.tar.gz |
session tickets can be disabled
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | lib/ext/session_ticket.c | 4 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 7 | ||||
-rw-r--r-- | lib/gnutls_state.c | 2 | ||||
-rw-r--r-- | m4/hooks.m4 | 15 | ||||
-rw-r--r-- | src/serv.c | 4 |
7 files changed, 34 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index e463b5f2bf..6d4ce0227d 100644 --- a/configure.ac +++ b/configure.ac @@ -781,6 +781,7 @@ if features are disabled) DTLS-SRTP support: $ac_enable_srtp ALPN support: $ac_enable_alpn OCSP support: $ac_enable_ocsp + Ses. ticket support: $ac_enable_session_tickets OpenPGP support: $ac_enable_openpgp SRP support: $ac_enable_srp PSK support: $ac_enable_psk diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 6ce23efb84..35bad36f12 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c @@ -34,6 +34,8 @@ #include <gnutls_extensions.h> #include <gnutls_constate.h> +#ifdef ENABLE_SESSION_TICKETS + #define KEY_NAME_SIZE SESSION_TICKET_KEY_NAME_SIZE #define KEY_SIZE SESSION_TICKET_KEY_SIZE #define IV_SIZE 12 /* GCM */ @@ -696,3 +698,5 @@ int _gnutls_recv_new_session_ticket(gnutls_session_t session) return ret; } + +#endif diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 3d32b6a0ae..013df19a8a 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -340,9 +340,11 @@ int _gnutls_ext_init(void) return ret; #endif +#ifdef ENABLE_SESSION_TICKETS ret = _gnutls_ext_register(&ext_mod_session_ticket); if (ret != GNUTLS_E_SUCCESS) return ret; +#endif ret = _gnutls_ext_register(&ext_mod_supported_ecc); if (ret != GNUTLS_E_SUCCESS) diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index a94406d1c9..1331d92220 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c 
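Review bot: Wrapping everything after the includes of lib/ext/session_ticket.c in `#ifdef ENABLE_SESSION_TICKETS` (this hunk plus the closing `#endif` in the hunk at line 696) appears to compile out the public `gnutls_session_ticket_*` entry points along with the internal ones, since src/serv.c and gnutls_init() call them from outside this file. An application linked against a library configured with `--disable-session-tickets` would then fail at link time instead of getting an error it can handle, and any exported-symbol list naming these functions would no longer match. Consider an `#else` branch that keeps the public functions as stubs doing `return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);`, so callers can tell that tickets are unavailable. The guarded definitions lie outside both hunks, so this should be checked against the full file.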
@@ -2781,18 +2781,22 @@ static int _gnutls_handshake_client(gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) { ret = _gnutls_send_handshake_final(session, TRUE); IMED_RET("send handshake final 2", ret, 1); +#ifdef ENABLE_SESSION_TICKETS } else { ret = _gnutls_recv_new_session_ticket(session); IMED_RET("recv handshake new session ticket", ret, 1); +#endif } case STATE16: STATE = STATE16; if (session->internals.resumed == RESUME_FALSE) { +#ifdef ENABLE_SESSION_TICKETS ret = _gnutls_recv_new_session_ticket(session); IMED_RET("recv handshake new session ticket", ret, 1); +#endif } else { ret = _gnutls_recv_handshake_final(session, TRUE); IMED_RET("recv handshake final", ret, 1); @@ -3153,12 +3157,13 @@ static int _gnutls_handshake_server(gnutls_session_t session) } case STATE13: +#ifdef ENABLE_SESSION_TICKETS ret = _gnutls_send_new_session_ticket(session, AGAIN(STATE13)); STATE = STATE13; IMED_RET("send handshake new session ticket", ret, 0); - +#endif case STATE14: STATE = STATE14; if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */ diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 1db5a48e8b..b9cbc3af86 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -403,7 +403,9 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags) /* Enable useful extensions */ if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) { +#ifdef ENABLE_SESSION_TICKETS gnutls_session_ticket_enable_client(*session); +#endif #ifdef ENABLE_OCSP gnutls_ocsp_status_request_enable_client(*session, NULL, 0, NULL); diff --git a/m4/hooks.m4 b/m4/hooks.m4 index 4340e0db19..ab0a3d05ea 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 
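Review bot: In the STATE15 case of _gnutls_handshake_client the new `#ifdef ENABLE_SESSION_TICKETS` opens before `} else {` and closes before the final `}`, so the brace structure of the `if` differs between the two build configurations, and in STATE16 the `if` body becomes empty when tickets are disabled. That is fragile in a handshake state machine, where a later edit that misplaces a brace could change which message is expected in which state. It would be more robust to leave the state machine unguarded and give a tickets-disabled build no-op helpers in the header, for example `#define _gnutls_recv_new_session_ticket(session) 0`, with the same for `_gnutls_send_new_session_ticket`. In _gnutls_handshake_server, STATE13 now falls straight into STATE14 in such a build; a `/* fall through */` comment after the `#endif` would make that intent explicit. Both functions start and end outside these hunks.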
@@ -300,6 +300,21 @@ AC_MSG_ERROR([[ fi AM_CONDITIONAL(ENABLE_OCSP, test "$ac_enable_ocsp" != "no") + AC_MSG_CHECKING([whether to disable session tickets support]) + AC_ARG_ENABLE(session-tickets, + AS_HELP_STRING([--disable-session-tickets], + [disable session tickets support]), + ac_enable_session_tickets=no) + if test x$ac_enable_session_tickets != xno; then + ac_enable_session_tickets=yes + AC_MSG_RESULT(no) + AC_DEFINE([ENABLE_SESSION_TICKETS], 1, [enable session tickets support]) + else + ac_full=0 + AC_MSG_RESULT(yes) + fi + AM_CONDITIONAL(ENABLE_SESSION_TICKETS, test "$ac_enable_session_tickets" != "no") + # For storing integers in pointers without warnings # http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html#desc AC_CHECK_SIZEOF(void *) diff --git a/src/serv.c b/src/serv.c index c3e33ae529..5b446493d3 100644 --- a/src/serv.c +++ b/src/serv.c @@ -348,9 +348,11 @@ gnutls_session_t initialize_session(int dtls) gnutls_db_set_ptr(session, NULL); } +#ifdef ENABLE_SESSION_TICKETS if (noticket == 0) gnutls_session_ticket_enable_server(session, &session_ticket_key); +#endif if (gnutls_priority_set_direct(session, priorities, &err) < 0) { fprintf(stderr, "Syntax error at: %s\n", err); @@ -1153,8 +1155,10 @@ int main(int argc, char **argv) /* gnutls_anon_set_server_dh_params(dh_cred, dh_params); */ #endif +#ifdef ENABLE_SESSION_TICKETS if (noticket == 0) gnutls_session_ticket_key_generate(&session_ticket_key); +#endif if (HAVE_OPT(MTU)) mtu = OPT_VALUE_MTU; |
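Review bot: The third argument of `AC_ARG_ENABLE(session-tickets, ...)` is the action run whenever the option is given in either form, so as written `--enable-session-tickets` also sets `ac_enable_session_tickets=no` and produces a build without ticket support. Use the value autoconf passes in and supply a default: `ac_enable_session_tickets=$enableval, ac_enable_session_tickets=yes)`. The comparison `test x$ac_enable_session_tickets != xno` should also quote the variable, as `test "x$ac_enable_session_tickets" != "xno"`. A short comment above the block saying that tickets are enabled by default would help, because `AC_MSG_RESULT` answers "whether to disable" and so reads inverted next to the `Ses. ticket support:` summary line added in configure.ac.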