author | Michael Kaufmann <mail@michael-kaufmann.ch> | 2017-01-28 20:06:31 +0100 |
---|---|---|
committer | Michael Kaufmann <mail@michael-kaufmann.ch> | 2017-01-28 20:09:37 +0100 |
commit | 511674ab279cebe143748920755631539a198d33 (patch) | |
tree | e393a799f11f7711b0b7d5a8f26a0b97fd863024 | |
parent | bcca842e0d2b2a70b776cf888572739bda11dac7 (diff) |
gnutls: disable TLS session tickets
SSL session reuse with TLS session tickets is not supported yet.
Use SSL session IDs instead.
Fixes https://github.com/curl/curl/issues/1109
-rw-r--r-- | lib/vtls/gtls.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index a992f9994..faa70aca2 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -380,6 +380,7 @@ gtls_connect_step1(struct connectdata *conn,
 int sockindex)
 {
 struct Curl_easy *data = conn->data;
+ unsigned int init_flags;
 gnutls_session_t session;
 int rc;
 bool sni = TRUE; /* default is SNI enabled */
@@ -526,7 +527,14 @@ gtls_connect_step1(struct connectdata *conn,
 }

 /* Initialize TLS session as a client */
- rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
+ init_flags = GNUTLS_CLIENT;
+
+#if defined(GNUTLS_NO_TICKETS)
+ /* Disable TLS session tickets */
+ init_flags |= GNUTLS_NO_TICKETS;
+#endif
+
+ rc = gnutls_init(&conn->ssl[sockindex].session, init_flags);
 if(rc != GNUTLS_E_SUCCESS) {
 failf(data, "gnutls_init() failed: %d", rc);
 return CURLE_SSL_CONNECT_ERROR; |
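Review bot: In the second hunk, the `#if defined(GNUTLS_NO_TICKETS)` guard lets a build against GnuTLS headers that lack the flag compile exactly as before, with nothing in the code or the build output saying so, so whether tickets are really off depends on the library version. The comment `/* Disable TLS session tickets */` only restates the flag name; I would replace it with `/* Ticket-based session reuse is not implemented here; resumption relies on session IDs, so do not advertise ticket support */`. I would also add one sentence on what is expected when the macro is absent. Presumably those GnuTLS versions do not enable client tickets by default, but that should be confirmed rather than assumed. The first hunk only adds the `init_flags` declaration, and the body of gtls_connect_step1 starts and ends outside both hunks.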