Revert the session_ticket callback in credentials manager. If a PSK

manager is being used, it could be easily used for session tickets as
well, and if it's not the generate-on-first-call technique is easy to
write.

Avoid offering the session ticket extension if we know we don't have a
key. For one thing it will cause us to avoid using stateful sessions,
but additionally OpenSSL 1.0.1 is very intolerant of empty
NewSessionTicket messages so definitely worth avoiding when we can.

1 files changed, 2 insertions, 9 deletions

diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h
index 7fcdcd6eb..e1b4268e3 100644
--- a/src/credentials/credentials_manager.h
+++ b/src/credentials/credentials_manager.h
@@ -41,18 +41,14 @@ class BOTAN_DLL Credentials_Manager
                                        const std::string& identity_hint);
 
       /**
-      * @return the PSK used for identity
+      * @return the PSK used for identity, or throw an exception if no
+      * key exists
       */
       virtual SymmetricKey psk(const std::string& type,
                                const std::string& context,
                                const std::string& identity);
 
       /**
-      * @return key used to encrypt session tickets by a TLS server
-      */
-      virtual const SymmetricKey& session_ticket_key();
-
-      /**
       * @return identifier for client-side SRP auth, if available
                 for this type/context. Should return empty string
                 if password auth not desired/available.
@@ -142,9 +138,6 @@ class BOTAN_DLL Credentials_Manager
       virtual Private_Key* private_key_for(const X509_Certificate& cert,
                                            const std::string& type,
                                            const std::string& context);
-
-   private:
-      SymmetricKey m_session_ticket_key;
    };
 
 }