diff options
author | lloyd <[email protected]> | 2012-03-23 17:17:05 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-03-23 17:17:05 +0000 |
commit | 9c67e7a9b20c87e6709346d75edaf951aa4c2eb5 (patch) | |
tree | e1ea1f5ad63dbfd4b311aaed6787c34d6c911c5e /src/tls/s_hello.cpp | |
parent | 9208e05246aa3f3085a45f85e3c9f2844828f73e (diff) |
Revert the session_ticket callback in credentials manager. If a PSK
manager is being used, it could be easily used for session tickets as
well, and if it's not the generate-on-first-call technique is easy to
write.
Avoid offering the session ticket extension if we know we don't have a
key. For one thing it will cause us to avoid using stateful sessions,
but additionally OpenSSL 1.0.1 is very intolerant of empty
NewSessionTicket messages so definitely worth avoiding when we can.
Diffstat (limited to 'src/tls/s_hello.cpp')
-rw-r--r-- | src/tls/s_hello.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp index 4cbc69f30..7da9fdc57 100644 --- a/src/tls/s_hello.cpp +++ b/src/tls/s_hello.cpp @@ -25,6 +25,7 @@ Server_Hello::Server_Hello(Record_Writer& writer, const Client_Hello& c_hello, const std::vector<std::string>& available_cert_types, const Policy& policy, + bool have_session_ticket_key, bool client_has_secure_renegotiation, const MemoryRegion<byte>& reneg_info, bool client_has_npn, @@ -38,7 +39,8 @@ Server_Hello::Server_Hello(Record_Writer& writer, m_renegotiation_info(reneg_info), m_next_protocol(client_has_npn), m_next_protocols(next_protocols), - m_supports_session_ticket(c_hello.supports_session_ticket()) + m_supports_session_ticket(have_session_ticket_key && + c_hello.supports_session_ticket()) { suite = policy.choose_suite( c_hello.ciphersuites(), |