[gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Apr 7 14:28:43 CEST 2020



Anderson Sasaki created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232

Project:Branches: ansasaki/gnutls:cli-wait-resumption to gnutls/gnutls:master
Author:    Anderson Sasaki



This adds the command line option ``--waitresumption`` to ``gnutls-cli`` to make the client wait longer for the resumption data under TLS1.3.  When the option is provided, the client will use a timeout increased by 5 seconds when waiting for the resumption data.  If no ticket is received, then the execution continues as if the ticket was not sent by the server.

This is useful to force the client to wait for the resumption data when the server takes long to send the ticket, allowing the session resumption to be tested.  This is a common scenario in CI systems where the testing machines have limited resources.

The changes were tested locally using https://github.com/tomato42/tlslite-ng server with the following patch applied to make the server delay sending the resumption data:

```
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index 5c8dcc5..30cbd34 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -2452,6 +2452,9 @@ class TLSConnection(TLSRecordLayer):
 
             encrypted_ticket = cipher.seal(iv, ticket.write(), b'')
 
+            # delay sending the ticket for a while
+            time.sleep(1)
+
             # encapsulate the ticket and send to client
             new_ticket = NewSessionTicket()
             new_ticket.create(settings.ticketLifetime,
```
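
Review bot: the added `time.sleep(1)` depends on `time` already being imported in tlslite/tlsconnection.py, and this patch carries no hunk that adds `import time`; if the module does not import it, the call raises NameError at the point where the ticket is about to be sent, so add the import in the same patch or confirm it is present. The delay is also hard-coded and the comment only says "for a while"; stating the value in the comment, or reading it from a setting, would make it clear how the delay relates to the 5 second increase the client option applies.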

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code
