From 511674ab279cebe143748920755631539a198d33 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Sat, 28 Jan 2017 20:06:31 +0100
Subject: gnutls: disable TLS session tickets SSL session reuse with TLS session tickets is not supported yet. Use SSL session IDs instead. Fixes https://github.com/curl/curl/issues/1109
---
 lib/vtls/gtls.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'lib/vtls')
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index a992f9994..faa70aca2 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -380,6 +380,7 @@ gtls_connect_step1(struct connectdata *conn,
 int sockindex)
 {
 struct Curl_easy *data = conn->data;
+ unsigned int init_flags;
 gnutls_session_t session;
 int rc;
 bool sni = TRUE; /* default is SNI enabled */
@@ -526,7 +527,14 @@ gtls_connect_step1(struct connectdata *conn,
 }
 /* Initialize TLS session as a client */
- rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
+ init_flags = GNUTLS_CLIENT;
+
+#if defined(GNUTLS_NO_TICKETS)
+ /* Disable TLS session tickets */
+ init_flags |= GNUTLS_NO_TICKETS;
+#endif
+
+ rc = gnutls_init(&conn->ssl[sockindex].session, init_flags);
 if(rc != GNUTLS_E_SUCCESS) {
 failf(data, "gnutls_init() failed: %d", rc);
 return CURLE_SSL_CONNECT_ERROR;
-- cgit v1.2.3
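Review bot: The comment `/* Disable TLS session tickets */` inside the added `#if defined(GNUTLS_NO_TICKETS)` block in the second hunk does not say why tickets are turned off or what happens when the macro is absent. When the GnuTLS headers do not define GNUTLS_NO_TICKETS the flag is silently left out, so such builds presumably keep tickets enabled and the session-reuse problem named in the commit message would remain. I would expand the comment to `/* Session reuse with TLS session tickets is not supported yet; disable tickets so session IDs are used. Without GNUTLS_NO_TICKETS in the headers, tickets stay enabled. */`. gtls_connect_step1 starts and ends outside this hunk, so how the resumed session is stored and looked up is not visible here.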