authorMichael Kaufmann <mail@michael-kaufmann.ch>2017-01-28 20:06:31 +0100
committerMichael Kaufmann <mail@michael-kaufmann.ch>2017-01-28 20:09:37 +0100
commit511674ab279cebe143748920755631539a198d33 (patch)
treee393a799f11f7711b0b7d5a8f26a0b97fd863024
parentbcca842e0d2b2a70b776cf888572739bda11dac7 (diff)
gnutls: disable TLS session tickets
SSL session reuse with TLS session tickets is not supported yet. Use SSL session IDs instead. Fixes https://github.com/curl/curl/issues/1109
-rw-r--r--lib/vtls/gtls.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index a992f9994..faa70aca2 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -380,6 +380,7 @@ gtls_connect_step1(struct connectdata *conn,
int sockindex)
{
struct Curl_easy *data = conn->data;
+ unsigned int init_flags;
gnutls_session_t session;
int rc;
bool sni = TRUE; /* default is SNI enabled */
@@ -526,7 +527,14 @@ gtls_connect_step1(struct connectdata *conn,
}
/* Initialize TLS session as a client */
- rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
+ init_flags = GNUTLS_CLIENT;
+
+#if defined(GNUTLS_NO_TICKETS)
+ /* Disable TLS session tickets */
+ init_flags |= GNUTLS_NO_TICKETS;
+#endif
+
+ rc = gnutls_init(&conn->ssl[sockindex].session, init_flags);
if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_init() failed: %d", rc);
return CURLE_SSL_CONNECT_ERROR;
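Review bot: The comment inside the `#if defined(GNUTLS_NO_TICKETS)` block says what the flag does but not why, and nothing marks the case where the macro is absent. When the GnuTLS headers do not define it, `init_flags` stays `GNUTLS_CLIENT` and ticket behaviour is presumably left at the library default, so the same source can behave differently depending on the GnuTLS version it is built against. I would replace the comment with `/* Resuming sessions from tickets is not implemented in this backend; use session IDs only. */` and add `/* Without GNUTLS_NO_TICKETS (older GnuTLS) ticket handling stays at the library default. */` after the `#endif`. The reason currently lives only in the commit message, so a reader of gtls.c cannot tell whether the flag is a workaround or a policy choice. gtls_connect_step1 starts and ends outside this hunk, so any session-resumption code further down that relies on this is not visible here.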