[PATCH] session ticket support
Daiki Ueno
ueno at unixuser.org
Mon Aug 3 20:19:21 CEST 2009
>>>>> In <c331d99a0907301348s3e7efe47nb47b2ccd47592f1e at mail.gmail.com>
>>>>> Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> > When I changed _gnutls_recv_new_session_ticket to generate a new session
> > ID, it started to work. I attach the new patch, which includes:
> I have some questions for you. I was checking the parts that unpack
> and pack the session and was wondering whether using the
> _gnutls_session_pack() would be possible. In that case both
> implementations of the DB and session ticket backends will share
> common code.
I chose the RFC format just because the patch was initially for
experimental purposes. Using _gnutls_session_pack() would definitely be
better.

I've just tried to make use of the internal format, and the code became
much simpler (reduced by ~100 lines). Thanks for the suggestion.
> Another issue I noticed while checking the code is that if the session
> ticket doesn't decrypt well or doesn't verify well, an error is
> returned... Wouldn't it be more appropriate to just continue ignoring
> the ticket and perform a full handshake?
Absolutely. I'll post a new patch shortly, with other polishing
(adding interface docs, etc.).
Regards,
--
Daiki Ueno
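
Added example, not part of the original message or of the GnuTLS patch: a server-side ticket check that treats every malformed, unknown-key or failed-MAC ticket as "ignore it and do a full handshake" instead of returning an error, as agreed above. It assumes the ticket layout recommended in RFC 5077 (key_name, IV, length-prefixed encrypted state, HMAC-SHA-256); the function names and the key table are hypothetical, and encryption of the state itself is left out.

```python
import hashlib
import hmac
import struct
from enum import Enum

KEY_NAME_LEN, IV_LEN, MAC_LEN = 16, 16, 32
HDR_LEN = KEY_NAME_LEN + IV_LEN + 2          # key_name + IV + 2-byte length

class Outcome(Enum):
    RESUME = "resume"
    FULL_HANDSHAKE = "full_handshake"

def _mac(mac_key, key_name, iv, enc_state):
    # MAC covers key_name, IV, the 2-byte length and the encrypted state.
    msg = key_name + iv + struct.pack("!H", len(enc_state)) + enc_state
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def seal_ticket(key_name, mac_key, iv, enc_state):
    """Assemble a ticket around an already-encrypted state blob."""
    body = key_name + iv + struct.pack("!H", len(enc_state)) + enc_state
    return body + _mac(mac_key, key_name, iv, enc_state)

def process_ticket(ticket, keys):
    """Return (Outcome, enc_state or None); a bad ticket is never an error."""
    if len(ticket) < HDR_LEN + MAC_LEN:
        return Outcome.FULL_HANDSHAKE, None          # truncated or empty
    key_name = ticket[:KEY_NAME_LEN]
    iv = ticket[KEY_NAME_LEN:KEY_NAME_LEN + IV_LEN]
    (n,) = struct.unpack("!H", ticket[HDR_LEN - 2:HDR_LEN])
    if len(ticket) != HDR_LEN + n + MAC_LEN:
        return Outcome.FULL_HANDSHAKE, None          # length field is inconsistent
    enc_state = ticket[HDR_LEN:HDR_LEN + n]
    mac_key = keys.get(key_name)
    if mac_key is None:
        return Outcome.FULL_HANDSHAKE, None          # unknown or rotated-out key
    expected = _mac(mac_key, key_name, iv, enc_state)
    if not hmac.compare_digest(expected, ticket[-MAC_LEN:]):
        return Outcome.FULL_HANDSHAKE, None          # tampered or corrupted
    # Authentic ticket: the caller decrypts and unpacks enc_state next and
    # should fall back to a full handshake as well if that step fails.
    return Outcome.RESUME, enc_state

# Constructed sample key table and ticket (not real key material).
KEYS = {b"k" * 16: b"m" * 32}
GOOD = seal_ticket(b"k" * 16, b"m" * 32, bytes(16), b"opaque-session-state")
```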