[PATCH] session ticket support
Daiki Ueno
ueno at unixuser.org
Fri Jul 17 13:32:08 CEST 2009
Hi Nikos,
>>>>> In <4A5F93EA.9050100 at gnutls.org>
>>>>> Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> > The attached is an experimental patch which adds support for RFC5077
> > SessionTicket extension to GnuTLS. I would appreciate any comment.
> >
> > Some notes:
> >
> > - I added gnutls_ext_register2, since the send_params callback of
> > gnutls_ext_register is not currently able to send empty extension
> > data.
> I have modified your patch and gnutls to avoid the need for send_func2.
> (new patch attached).
Thanks for reviewing. I agree that having a second function just
for sending empty data is too much.
> Some questions I'd like to pose you are:
> - Would you be willing to transfer copyright to FSF for your code?
Sure.
> - Have you checked this implementation against others?
Not yet. I'll check it against OpenSSL this weekend.
> - It seems gnutls_session_ticket_enable_server() requires some random
> key to be available. Have you thought of a way for this key to be generated?
Though I have no idea how to generate that key, how about an interface
something like:

    gnutls_session_ticket_server_key_t key;

    gnutls_session_ticket_allocate_server_key (&key);
    /* NULL for generating a random key internally. */
    gnutls_session_ticket_set_server_key (key, NULL, -1);

    for (;;)
      {
        sd = accept (listen_sd, ...);
        ...
        /* Generate only IV here. */
        gnutls_session_ticket_enable_server (session, key);
      }

Sorry if I'm missing the subject.
Regards,
--
Daiki Ueno
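
Added example, not part of the original message and not GnuTLS code: a C sketch of the split discussed above, where the long-lived ticket key is generated once from the system CSPRNG and only a fresh IV is drawn per connection. It follows the ticket layout recommended in RFC 5077 section 4 (key_name, IV, encrypted state, MAC); all function and struct names are hypothetical, /dev/urandom is assumed as the random source, and the AES-CBC encryption and HMAC steps are out of scope.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; sizes follow the recommendation in RFC 5077 section 4. */
struct ticket_key {
    unsigned char key_name[16]; /* identifies which key protected a ticket */
    unsigned char aes_key[16];  /* 128-bit AES-CBC key */
    unsigned char mac_key[32];  /* 256-bit HMAC-SHA-256 key */
};

/* Fill buf with len bytes from the kernel CSPRNG; 0 on success, -1 on failure. */
static int random_bytes(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;
    if (f == NULL)
        return -1;
    got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Once at server start-up: name, encryption key and MAC key are all random. */
int ticket_key_generate(struct ticket_key *k)
{
    return random_bytes((unsigned char *)k, sizeof *k);
}

/* Once per connection: ticket header = key_name || fresh 16-byte IV. */
int ticket_header_write(const struct ticket_key *k, unsigned char out[32])
{
    memcpy(out, k->key_name, 16);
    return random_bytes(out + 16, 16);
}

/* On receipt: 1 if the ticket names this key (compared in constant time),
   0 otherwise, in which case the server falls back to a full handshake. */
int ticket_key_matches(const struct ticket_key *k,
                       const unsigned char *ticket, size_t len)
{
    unsigned char diff = 0;
    size_t i;
    if (len < 32)
        return 0;
    for (i = 0; i < 16; i++)
        diff |= (unsigned char)(ticket[i] ^ k->key_name[i]);
    return diff == 0;
}
```

A ticket whose key_name does not match is rejected before any decryption is attempted, which also gives a natural hook for rotating the server key.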