authorlloyd <[email protected]>2012-03-23 17:17:05 +0000
committerlloyd <[email protected]>2012-03-23 17:17:05 +0000
commit9c67e7a9b20c87e6709346d75edaf951aa4c2eb5 (patch)
treee1ea1f5ad63dbfd4b311aaed6787c34d6c911c5e /src/credentials
parent9208e05246aa3f3085a45f85e3c9f2844828f73e (diff)
Revert the session_ticket callback in credentials manager. If a PSK
manager is being used, it could easily be used for session tickets as well, and if it's not, the generate-on-first-call technique is easy to write. Avoid offering the session ticket extension if we know we don't have a key. For one thing it will cause us to avoid using stateful sessions, but additionally OpenSSL 1.0.1 is very intolerant of empty NewSessionTicket messages, so this is definitely worth avoiding when we can.
Diffstat (limited to 'src/credentials')
-rw-r--r--src/credentials/credentials_manager.cpp8
-rw-r--r--src/credentials/credentials_manager.h11
2 files changed, 2 insertions, 17 deletions
diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp
index a70d8d660..ef5d44819 100644
--- a/src/credentials/credentials_manager.cpp
+++ b/src/credentials/credentials_manager.cpp
@@ -7,7 +7,6 @@
#include <botan/credentials_manager.h>
#include <botan/x509stor.h>
-#include <botan/libstate.h>
namespace Botan {
@@ -31,13 +30,6 @@ SymmetricKey Credentials_Manager::psk(const std::string&,
throw Internal_Error("No PSK set for identity " + identity);
}
-const SymmetricKey& Credentials_Manager::session_ticket_key()
- {
- if(m_session_ticket_key.length() == 0)
- m_session_ticket_key = SymmetricKey(global_state().global_rng(), 32);
- return m_session_ticket_key;
- }
-
std::string Credentials_Manager::srp_identifier(const std::string&,
const std::string&)
{
diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h
index 7fcdcd6eb..e1b4268e3 100644
--- a/src/credentials/credentials_manager.h
+++ b/src/credentials/credentials_manager.h
@@ -41,18 +41,14 @@ class BOTAN_DLL Credentials_Manager
const std::string& identity_hint);
/**
- * @return the PSK used for identity
+ * @return the PSK used for identity, or throw an exception if no
+ * key exists
*/
virtual SymmetricKey psk(const std::string& type,
const std::string& context,
const std::string& identity);
/**
- * @return key used to encrypt session tickets by a TLS server
- */
- virtual const SymmetricKey& session_ticket_key();
-
- /**
* @return identifier for client-side SRP auth, if available
for this type/context. Should return empty string
if password auth not desired/available.
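Review bot: The updated `@return` comment on `psk()` says it throws when no key exists, but it names neither the exception nor how a TLS server requests the session ticket key now that `session_ticket_key()` is removed. The default implementation visible in credentials_manager.cpp throws `Internal_Error`, so I would add `@throw Internal_Error if no key is set for identity (default implementation)` and one sentence naming the type/context/identity values used for the ticket key; those values are not visible in this diff and must come from the caller. Because the description leaves generate-on-first-call to the application, the comment should also state that a ticket key returned here must be drawn from a cryptographic RNG and remain the same across calls. Any subclass that overrode the removed virtual would presumably still compile but no longer be called, which is worth a line in the release notes; the class body starts and ends outside this hunk.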
@@ -142,9 +138,6 @@ class BOTAN_DLL Credentials_Manager
virtual Private_Key* private_key_for(const X509_Certificate& cert,
const std::string& type,
const std::string& context);
-
- private:
- SymmetricKey m_session_ticket_key;
};
}