[gnutls-devel] GnuTLS | Add API to check whether session tickets are enabled (#1531)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Apr 4 11:40:53 CEST 2024 



Ajit Singh commented: https://gitlab.com/gnutls/gnutls/-/issues/1531#note_1845692160

@ueno any thoughts on this? I think we can go with same function as functionality doesn't differ much? 

```
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index afecfaa39..97eab2d34 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1627,6 +1627,10 @@ unsigned gnutls_session_etm_status(gnutls_session_t session);
  * @GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Set when the client has requested OCSP staple during handshake.
  * @GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Set when the server has requested OCSP staple during handshake.
  *
+ * Session configuration flags:
+ * @GNUTLS_SCFLAGS_NO_TICKETS_ENABLED: Set when %NO_TICKET priority string is enabled.
+ * @GNUTLS_SCFLAGS_NO_TICKETS_TLS12_ENABLED: Set when %NO_TICKET_TLS12 priority string is enabled.
+ *
  * Enumeration of different session parameters.
  */
 typedef enum {
@@ -1642,7 +1646,11 @@ typedef enum {
        GNUTLS_SFLAGS_EARLY_START = 1 << 9,
        GNUTLS_SFLAGS_EARLY_DATA = 1 << 10,
        GNUTLS_SFLAGS_CLI_REQUESTED_OCSP = 1 << 11,
-       GNUTLS_SFLAGS_SERV_REQUESTED_OCSP = 1 << 12
+       GNUTLS_SFLAGS_SERV_REQUESTED_OCSP = 1 << 12,
+
+       /* Configuration flags */
+       GNUTLS_SCFLAGS_NO_TICKETS_ENABLED = 1 << 13,
+       GNUTLS_SCFLAGS_NO_TICKETS_TLS12_ENABLED = 1 << 14
 } gnutls_session_flags_t;

 unsigned gnutls_session_get_flags(gnutls_session_t session);
diff --git a/lib/state.c b/lib/state.c
index ec514c0cd..cfb3239bc 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -1858,5 +1858,10 @@ unsigned gnutls_session_get_flags(gnutls_session_t session)
        if (session->internals.hsk_flags & HSK_CLIENT_OCSP_REQUESTED)
                flags |= GNUTLS_SFLAGS_SERV_REQUESTED_OCSP;

+       if (session->internals.priorities->no_tickets)
+               flags |= GNUTLS_SCFLAGS_NO_TICKETS_ENABLED;
+       if (session->internals.priorities->no_tickets_tls12)
+               flags |= GNUTLS_SCFLAGS_NO_TICKETS_TLS12_ENABLED;
+
        return flags;
 }
 
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1531#note_1845692160
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240404/844bb32d/attachment.html>

More information about the Gnutls-devel mailing list