[gnutls-devel] Bug: SNI is ignored when resuming session from cache

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Sep 20 18:35:08 CEST 2017


On Wed, 2017-09-20 at 08:00 +0200, Thomas Klute wrote:

> > > > Thank you Thomas. That seems like a reasonable fix. Would you like
> > > > to send it as a merge request?
> > > 
> > > At the moment the one-line parse type change is the only fix I have,
> > > please just apply that so gnutls_server_name_get works with a session
> > > cache. If I have time to add server name checks for resumption I'll
> > > look into Gitlab's merge requests, or maybe just send a normal Git
> > > pull request.
> > 
> > I will not have much time to check into that soon (tls1.3 support is
> > my priority at the moment). Would it make sense to open an issue on
> > gitlab to track it?
> 
> My immediate concern is getting SNI parsing during session resumption
> fixed, because the bug breaks mod_gnutls virtual hosts with different
> certificates or cipher suites if tickets are disabled. If you'd like I
> can look into adding a reproducer script for the test suite.
> 
> Tracking the question of checking SNI values on resumption separately
> makes sense in my opinion.

A reproducer would certainly speed things up!




