[glib-networking] tls: Only cache session data if a session was not resumed



commit da9c6df0e7c0a9e565b07492ef859be878bae42f
Author: Ross Lagerwall <rosslagerwall gmail com>
Date:   Tue Feb 24 17:21:22 2015 +0000

    tls: Only cache session data if a session was not resumed
    
    As per the upstream discussion [1], session data should only be
    stored when the session is not resumed.
    
    This affects resuming sessions when using TLS tickets, since they
    are not stored in the session data after a save/resume cycle.
    
    [1] http://lists.gnutls.org/pipermail/gnutls-help/2015-February/003760.html
    
    https://bugzilla.gnome.org/show_bug.cgi?id=745099

 tls/gnutls/gtlsclientconnection-gnutls.c |   32 +++++++++++++++++++----------
 1 files changed, 21 insertions(+), 11 deletions(-)
---
diff --git a/tls/gnutls/gtlsclientconnection-gnutls.c b/tls/gnutls/gtlsclientconnection-gnutls.c
index 69ae6c3..7ca4220 100644
--- a/tls/gnutls/gtlsclientconnection-gnutls.c
+++ b/tls/gnutls/gtlsclientconnection-gnutls.c
@@ -327,18 +327,28 @@ g_tls_client_connection_gnutls_finish_handshake (GTlsConnectionGnutls  *conn,
 
   if (gnutls->priv->session_id)
     {
-      gnutls_datum_t session_datum;
-
-      if (!*inout_error &&
-         gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn),
-                                   &session_datum) == 0)
+      if (!*inout_error)
        {
-         GBytes *session_data = g_bytes_new_with_free_func (session_datum.data, session_datum.size,
-                                                            (GDestroyNotify)gnutls_free, session_datum.data);
-
-         g_tls_backend_gnutls_store_session (GNUTLS_CLIENT, gnutls->priv->session_id,
-                                             session_data);
-         g_bytes_unref (session_data);
+          if (!gnutls_session_is_resumed (g_tls_connection_gnutls_get_session (conn)))
+            {
+              gnutls_datum_t session_datum;
+
+              if (gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn),
+                                            &session_datum) == 0)
+                {
+                  GBytes *session_data = g_bytes_new_with_free_func (session_datum.data,
+                                                                     session_datum.size,
+                                                                     (GDestroyNotify)gnutls_free,
+                                                                     session_datum.data);
+
+                  g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
+                                                      gnutls->priv->session_id,
+                                                      session_data);
+                  g_bytes_unref (session_data);
+                }
+              else
+                g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
+            }
        }
       else
        g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
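Review bot: The new `if (!gnutls_session_is_resumed (...))` check has no comment saying why a resumed session leaves the cache entry untouched, so the absent store reads like an oversight. A later cleanup could restore it and bring back the ticket loss that the commit message describes. I would add above the check `/* Per the commit message, session data exported after a resume lacks the TLS ticket; keep the entry stored by the full handshake. */`. The same comment could record that the entry is still removed on a handshake error or a failed `gnutls_session_get_data2()`, as those are the only paths here that invalidate cached session state. g_tls_client_connection_gnutls_finish_handshake begins and ends outside the hunk.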

