[PATCH] session ticket support

Daiki Ueno ueno at unixuser.org
Mon Aug 3 20:19:21 CEST 2009


>>>>> In <c331d99a0907301348s3e7efe47nb47b2ccd47592f1e at mail.gmail.com> 
>>>>>	Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> > When I changed _gnutls_recv_new_session_ticket to generate new session
> > ID, it started to work.  I attach the new patch, which includes:

>  I have some questions for you.  I was checking the parts that unpack
> and pack the session and was wondering whether using the
> _gnutls_session_pack() would be possible. In that case both
> implementations of the DB and session ticket backends will share
> common code.

I chose the RFC format just because the patch was initially for
experimental purposes.  Using _gnutls_session_pack() would definitely be
better.

I've just tried to make use of the internal format, and the code became
much simpler (which reduced it by ~100 lines).  Thanks for the suggestion.

> Another issue I noticed while checking the code is that if the session
> ticket doesn't decrypt well or doesn't verify well, an error is
> returned... Wouldn't it be more appropriate to just continue ignoring
> the ticket and perform a full handshake?

Absolutely.  I'll post a new patch shortly, with other polish
(adding interface docs, etc.).

Regards,
-- 
Daiki Ueno
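
The behaviour agreed on in this message (a ticket that fails to verify is ignored and a full handshake follows), as an added example that is not part of the posted patch or of GnuTLS. All names are hypothetical, the ticket layout is the RFC 5077 recommended one, and `toy_mac` is a labelled stand-in for HMAC-SHA-256; a ticket that passes the MAC but then fails to decrypt or unpack would take the same fallback path.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names. Layout is the RFC 5077 recommended ticket:
 * key_name[16] | iv[16] | state_len[2] | encrypted_state | mac[32] */
enum { NAME_LEN = 16, IV_LEN = 16, MAC_LEN = 32, HDR_LEN = NAME_LEN + IV_LEN + 2 };
enum ticket_result { TICKET_RESUME, TICKET_FULL_HANDSHAKE };

/* Stand-in for HMAC-SHA-256 so the example builds without a crypto library. NOT a real MAC. */
static void toy_mac(const uint8_t key[16], const uint8_t *d, size_t n, uint8_t out[MAC_LEN]) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < 16; i++) h = (h ^ key[i]) * 16777619u;
    for (size_t i = 0; i < n; i++) h = (h ^ d[i]) * 16777619u;
    for (size_t i = 0; i < MAC_LEN; i++) {
        if (i % 4 == 0) h = (h ^ (uint32_t)i) * 16777619u;
        out[i] = (uint8_t)(h >> (8 * (i % 4)));
    }
}

/* Every failure maps to a full handshake; none is returned as a fatal error. */
enum ticket_result check_ticket(const uint8_t *t, size_t len,
                                const uint8_t name[NAME_LEN], const uint8_t key[16]) {
    uint8_t mac[MAC_LEN], diff = 0;
    if (len < HDR_LEN + MAC_LEN) return TICKET_FULL_HANDSHAKE;          /* truncated */
    if (memcmp(t, name, NAME_LEN) != 0) return TICKET_FULL_HANDSHAKE;   /* unknown or rotated key */
    size_t state_len = ((size_t)t[32] << 8) | t[33];
    if (HDR_LEN + state_len + MAC_LEN != len) return TICKET_FULL_HANDSHAKE; /* bad length field */
    toy_mac(key, t, HDR_LEN + state_len, mac);
    for (size_t i = 0; i < MAC_LEN; i++) diff |= mac[i] ^ t[HDR_LEN + state_len + i];
    return diff == 0 ? TICKET_RESUME : TICKET_FULL_HANDSHAKE;           /* MAC mismatch */
}

/* Builds a constructed ticket, optionally damages it, and returns the decision. */
enum ticket_result demo(int flip_byte, size_t cut) {
    uint8_t name[NAME_LEN], key[16], t[HDR_LEN + 8 + MAC_LEN];
    memset(name, 0xA1, sizeof name); memset(key, 0x42, sizeof key);
    memcpy(t, name, NAME_LEN); memset(t + NAME_LEN, 0, IV_LEN);
    t[32] = 0; t[33] = 8; memset(t + HDR_LEN, 0x5A, 8);  /* placeholder ciphertext */
    toy_mac(key, t, HDR_LEN + 8, t + HDR_LEN + 8);
    if (flip_byte >= 0) t[flip_byte] ^= 0x01;
    return check_ticket(t, sizeof t - cut, name, key);
}

int main(void) {
    printf("intact=%d tampered=%d truncated=%d\n", demo(-1, 0), demo(40, 0), demo(-1, 1));
    return 0;
}
```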




