From 9c67e7a9b20c87e6709346d75edaf951aa4c2eb5 Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 23 Mar 2012 17:17:05 +0000 Subject: Revert the session_ticket callback in credentials manager. If a PSK manager is being used, it could be easily used for session tickets as well, and if it's not the generate-on-first-call technique is easy to write. Avoid offering the session ticket extension if we know we don't have a key. For one thing it will cause us to avoid using stateful sessions, but additionally OpenSSL 1.0.1 is very intolerant of empty NewSessionTicket messages so definitely worth avoiding when we can. --- doc/tls.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'doc/tls.txt') diff --git a/doc/tls.txt b/doc/tls.txt index 8c2b815b6..dd4fb1270 100644 --- a/doc/tls.txt +++ b/doc/tls.txt @@ -98,7 +98,10 @@ TLS Clients The *handshake_complete* function is called when a handshake (either initial or renegotiation) is completed. The return value of the callback specifies if the session should be cached for later - resumption. + resumption. If the function for some reason desires to prevent the + connection from completing, it should throw an exception + (preferably a TLS_Exception, which can provide more specific alert + information to the counterparty). The *session_manager* is an interface for storing TLS sessions, which allows for session resumption upon reconnecting to a server. -- cgit v1.2.3
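Review bot: The sentence added to the *handshake_complete* paragraph of doc/tls.txt tells the callback to throw in order to stop the connection, but it leaves the outcome unspecified. It should state which alert the counterparty receives when the exception is not a TLS_Exception, and that a session rejected this way is not cached, since the paragraph has just said the return value controls caching. The wording "for some reason desires to prevent the connection from completing" could be tightened to something like "To reject the connection at this point, the callback should throw an exception". Separately, this documentation change concerns handshake_complete, while the commit message only discusses the session_ticket callback and not offering the session ticket extension without a key. Either mention the doc change in the message or move it to its own commit so the history for doc/tls.txt is searchable.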