[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 97/173: gnutls: disable TLS session tickets
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 97/173: gnutls: disable TLS session tickets |
Date: |
Fri, 24 Feb 2017 14:01:59 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit 511674ab279cebe143748920755631539a198d33
Author: Michael Kaufmann <address@hidden>
AuthorDate: Sat Jan 28 20:06:31 2017 +0100
gnutls: disable TLS session tickets
SSL session reuse with TLS session tickets is not supported yet.
Use SSL session IDs instead.
Fixes https://github.com/curl/curl/issues/1109
---
lib/vtls/gtls.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index a992f9994..faa70aca2 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -380,6 +380,7 @@ gtls_connect_step1(struct connectdata *conn,
int sockindex)
{
struct Curl_easy *data = conn->data;
+ unsigned int init_flags;
gnutls_session_t session;
int rc;
bool sni = TRUE; /* default is SNI enabled */
@@ -526,7 +527,14 @@ gtls_connect_step1(struct connectdata *conn,
}
/* Initialize TLS session as a client */
- rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
+ init_flags = GNUTLS_CLIENT;
+
+#if defined(GNUTLS_NO_TICKETS)
+ /* Disable TLS session tickets */
+ init_flags |= GNUTLS_NO_TICKETS;
+#endif
+
+ rc = gnutls_init(&conn->ssl[sockindex].session, init_flags);
if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_init() failed: %d", rc);
return CURLE_SSL_CONNECT_ERROR;
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 72/173: nss: use the correct lock in nss_find_slot_by_name(), (continued)
- [GNUnet-SVN] [gnurl] 72/173: nss: use the correct lock in nss_find_slot_by_name(), gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 44/173: STARTTLS: Don't print response character in denied messages, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 35/173: ROADMAP: 2017 cleanup, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 71/173: http2: disable server push if not requested, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 83/173: CURLOPT_BUFFERSIZE: support enlarging receive buffer, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 67/173: TODO: implemened "--fail-fast to exit on first transfer fail", gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 45/173: rand: make it work without TLS backing, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 73/173: bump: next release will be 7.53.0, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 105/173: OS400: Fix symbols, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 55/173: IDN: Use TR46 non-transitional, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 97/173: gnutls: disable TLS session tickets,
gnunet <=
- [GNUnet-SVN] [gnurl] 48/173: docs: FAQ MAIL-ETIQUETTE language fixes, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 75/173: openssl: Fix random generation, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 74/173: TODO: share OpenSSL contexts, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 99/173: RELEASE-NOTES; synced with ab08d82648, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 79/173: docs: non-blocking SSL handshake is now supported with NSS, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 98/173: mbedtls: disable TLS session tickets, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 132/173: smb: code indent, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 135/173: axtls: adapt to API changes, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 106/173: docs: Add more HTTPS proxy documentation, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 57/173: docs: Add note about libcurl copying strings to CURLOPT_* manpages, gnunet, 2017/02/24