[gnutls-devel] Bug: SNI is ignored when resuming session from cache
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Sep 20 18:35:08 CEST 2017
On Wed, 2017-09-20 at 08:00 +0200, Thomas Klute wrote:
> > > > Thank you Thomas. That seems like a reasonable fix. Would you like to
> > > > send it as a merge request?
> > >
> > > At the moment the one-line parse type change is the only fix I have,
> > > please just apply that so gnutls_server_name_get works with a session
> > > cache. If I have time to add server name checks for resumption I'll look
> > > into Gitlab's merge requests, or maybe just send a normal Git
> > > pull request.
> >
> > I will not have much time to check into that soon (tls1.3 support is
> > my priority at the moment). Would it make sense to open an issue on
> > gitlab to track it?
>
> My immediate concern is getting SNI parsing during session resumption
> fixed, because the bug breaks mod_gnutls virtual hosts with different
> certificates or cipher suites if tickets are disabled. If you'd like I
> can look into adding a reproducer script for the test suite.
>
> Tracking the question of checking SNI values on resumption separately
> makes sense in my opinion.
A reproducer would certainly speed things up!