[PATCH] session ticket support

Daiki Ueno ueno at unixuser.org
Wed Aug 19 09:53:07 CEST 2009

(Sorry, please ignore the previous incomplete message I've sent by

>>>>> In <878whgdcdw.fsf at mocca.josefsson.org> 
>>>>>	Simon Josefsson <simon at josefsson.org> wrote:
> Your FSF papers have arrived so we should push your patch into the
> official repository.  Do you have an updated patch, or should I use the
> last one you posted?  Having more self-tests would be nice, but not
> essential.

Yes, please use the attached one.  The following changes from the
previous patch have been applied:

* Support rehandshake when _gnutls_send_new_session_ticket() is

* Remove a bunch of compiler warnings when configured with

* Add one of the self-tests as you suggested:

> * What happens if the client has a session ticket but the server has
>   disabled session ticket support?

However, the other one has not yet not implemented since I couldn't find
an easy way to send arbitrary extension data from applications:

> * What happens if the client provides a garbage session ticket?
>   - Does the RFC specify what should happen?  I'd assume that the
>     handshake continues as normal, but I'm not sure.

It will be detected during MAC verification and reported as "decryption
failed", and then the full-handshake should take place.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: session-ticket-2009-08-19.diff.gz
Type: application/octet-stream
Size: 10748 bytes
Desc: not available
URL: </pipermail/attachments/20090819/25fdebed/attachment.obj>
-------------- next part --------------

Daiki Ueno

More information about the Gnutls-devel mailing list