[PATCH] session ticket support
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Jul 17 21:01:04 CEST 2009
Daiki Ueno wrote:
>> - Have you checked this implementation against others?
> Not yet. I'll check it against OpenSSL this weekend.
Please let me know of results.
>> - It seems gnutls_session_ticket_enable_server() requires some random
>> key to be available. Have you thought of a way for this key to be generated?
>
> Though I have no idea how to generate that key, how about an interface
> something like:
>
> gnutls_session_ticket_server_key_t key;
>
> gnutls_session_ticket_allocate_server_key (&key);
> /* NULL for generating a random key internally. */
> gnutls_session_ticket_set_server_key (key, NULL, -1);
>
> for (;;)
> {
> sd = accept (listen_sd, ...);
> ...
> /* Generate only IV here. */
> gnutls_session_ticket_enable_server (session, key);
> }
>
> Sorry if I'm missing the subject.
No, you are correct. However, I would go a step further and make the
randomization explicit, in order to allow storing those keys
somewhere (for a web server to reuse). An API could be:
int gnutls_session_ticket_allocate_server_key (&key);
int gnutls_session_ticket_randomize (key);
int gnutls_session_ticket_export (key, uint8_t* data, size_t* size); /* to save into a file */
int gnutls_session_ticket_import (key, const uint8_t* data, size_t size); /* to load from a file */
Would you be interested in implementing this as well? Alternatively, I
could work on it once all the paperwork is done.
best regards,
Nikos
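As an added example that is not part of this message and not GnuTLS code, the following hypothetical C sketch walks through the randomize/export/import life cycle proposed above. The key object layout (key name, AES-128 key, HMAC-SHA-256 key) is assumed from the RFC 5077 recommendation, and the function names are invented for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical key object (not GnuTLS's layout) following the RFC 5077
 * recommendation: a key name, an AES-128 key and an HMAC-SHA-256 key.
 * All members are byte arrays, so there is no padding and the in-memory
 * form doubles as the export format. */
typedef struct {
    uint8_t name[16];
    uint8_t aes_key[16];
    uint8_t mac_key[32];
} ticket_key_t;
#define TK_EXPORT_LEN sizeof(ticket_key_t)

/* Overwrite key material before the object is reused or freed. */
void ticket_key_wipe(ticket_key_t *key) {
    volatile uint8_t *p = (volatile uint8_t *)key;
    for (size_t i = 0; i < sizeof *key; i++) p[i] = 0;
}

/* Fill name and both keys with OS randomness; 0 on success, -1 on failure. */
int ticket_key_randomize(ticket_key_t *key) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(key, 1, sizeof *key, f);
    fclose(f);
    return n == sizeof *key ? 0 : -1;
}

/* Serialise for storage. If the buffer is missing or too small, report the
 * needed size in *size and return -1, so callers can query the size first. */
int ticket_key_export(const ticket_key_t *key, uint8_t *data, size_t *size) {
    if (data == NULL || *size < TK_EXPORT_LEN) { *size = TK_EXPORT_LEN; return -1; }
    memcpy(data, key, TK_EXPORT_LEN);
    *size = TK_EXPORT_LEN;
    return 0;
}

/* Load from storage; accept only an exact-length blob. */
int ticket_key_import(ticket_key_t *key, const uint8_t *data, size_t size) {
    if (data == NULL || size != TK_EXPORT_LEN) return -1;
    memcpy(key, data, TK_EXPORT_LEN);
    return 0;
}

/* Round-trip self-test: 1 when export/import preserve the key and the
 * short-buffer and wrong-length paths are rejected, 0 otherwise. */
int ticket_key_roundtrip_selftest(void) {
    ticket_key_t a, b; uint8_t buf[TK_EXPORT_LEN]; size_t sz = 0; int ok;
    if (ticket_key_randomize(&a) != 0) return 0;
    if (ticket_key_export(&a, NULL, &sz) != -1 || sz != TK_EXPORT_LEN) return 0;
    if (ticket_key_export(&a, buf, &sz) != 0 || ticket_key_import(&b, buf, sz) != 0) return 0;
    ok = memcmp(&a, &b, sizeof a) == 0 && ticket_key_import(&b, buf, sz - 1) == -1;
    ticket_key_wipe(&a); ticket_key_wipe(&b);
    return ok;
}
```

The exported blob is raw key material, so whatever file a web server saves it to needs the same access controls as its private key.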