gnutls: disable TLS session tickets

SSL session reuse with TLS session tickets is not supported yet. Use SSL session IDs instead. Fixes https://github.com/curl/curl/issues/1109
author: Michael Kaufmann <mail@michael-kaufmann.ch> 2017-01-28 20:06:31 +0100
committer: Michael Kaufmann <mail@michael-kaufmann.ch> 2017-01-28 20:09:37 +0100
commit: 511674ab279cebe143748920755631539a198d33 (patch)
tree: e393a799f11f7711b0b7d5a8f26a0b97fd863024 /lib
parent: bcca842e0d2b2a70b776cf888572739bda11dac7 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index a992f9994..faa70aca2 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -380,6 +380,7 @@ gtls_connect_step1(struct connectdata *conn,
                    int sockindex)
 {
   struct Curl_easy *data = conn->data;
+  unsigned int init_flags;
   gnutls_session_t session;
   int rc;
   bool sni = TRUE; /* default is SNI enabled */
@@ -526,7 +527,14 @@ gtls_connect_step1(struct connectdata *conn,
   }
 
   /* Initialize TLS session as a client */
-  rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
+  init_flags = GNUTLS_CLIENT;
+
+#if defined(GNUTLS_NO_TICKETS)
+  /* Disable TLS session tickets */
+  init_flags |= GNUTLS_NO_TICKETS;
+#endif
+
+  rc = gnutls_init(&conn->ssl[sockindex].session, init_flags);
   if(rc != GNUTLS_E_SUCCESS) {
     failf(data, "gnutls_init() failed: %d", rc);
     return CURLE_SSL_CONNECT_ERROR;
author	Michael Kaufmann <mail@michael-kaufmann.ch>	2017-01-28 20:06:31 +0100
committer	Michael Kaufmann <mail@michael-kaufmann.ch>	2017-01-28 20:09:37 +0100
commit	511674ab279cebe143748920755631539a198d33 (patch)
tree	e393a799f11f7711b0b7d5a8f26a0b97fd863024 /lib
parent	bcca842e0d2b2a70b776cf888572739bda11dac7 (diff)