[gnutls-devel] Bug: SNI is ignored when resuming session from cache

Thomas Klute thomas2.klute at uni-dortmund.de
Sat Sep 23 21:57:08 CEST 2017


On 23.09.2017 at 08:30, Nikos Mavrogiannopoulos wrote:
> On Thu, 2017-09-21 at 11:27 +0200, Thomas Klute wrote:
>> On 20.09.2017 at 18:35, Nikos Mavrogiannopoulos wrote:
>>> A reproducer would certainly speed things up!
>>
>> Attached my fix with a detailed commit message, and a reproducer/test
>> case.
>>
> 
> Thank you. I've created a merge request at:
> https://gitlab.com/gnutls/gnutls/merge_requests/520
> 
> The reason for not reading the extension at resumption was in order to
> enforce the previously received SNI, on the first connection. However,
> as I understand that is not the case.
> 
> Anyway, your analysis is right, and we should prevent the resumption
> from happening inside gnutls in _gnutls_check_resumed_params().
> For that, I've enhanced the pull request above. Could you check whether
> it addresses the bug you raised?

Yes, mod_gnutls can retrieve SNI data when linked against a build of the
tmp-sni-fixes branch. Thank you.

The code and test you've added to check SNI data on resumption look
reasonable and work on my system. I don't have an account on GitLab, so
please just go ahead and merge. :-)

Regards,
Thomas


