[glib-networking/mcatanzaro/session-resumption: 2/3] gnutls: enable session tickets on server side
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/mcatanzaro/session-resumption: 2/3] gnutls: enable session tickets on server side
- Date: Wed, 14 Aug 2019 20:23:08 +0000 (UTC)
commit 1cb6d9765e5f9371697a216dd387c380891d1337
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Wed Aug 14 11:15:30 2019 -0500
gnutls: enable session tickets on server side
Session resumption is now compatible with both TLS 1.2 and TLS 1.3. The
only configuration no longer supported is older TLS clients that only
support session identifiers stored by the server, not session tickets.
In practice, that should be almost nothing.
tls/gnutls/gtlsserverconnection-gnutls.c | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
---
diff --git a/tls/gnutls/gtlsserverconnection-gnutls.c b/tls/gnutls/gtlsserverconnection-gnutls.c
index 1dd1f3c..c2c0426 100644
--- a/tls/gnutls/gtlsserverconnection-gnutls.c
+++ b/tls/gnutls/gtlsserverconnection-gnutls.c
@@ -49,6 +49,8 @@ struct _GTlsServerConnectionGnutls
gnutls_pcert_st *pcert;
unsigned int pcert_length;
gnutls_privkey_t pkey;
+
+ gnutls_datum_t session_ticket_key;
};
static void g_tls_server_connection_gnutls_initable_interface_init (GInitableIface *iface);
@@ -101,6 +103,12 @@ g_tls_server_connection_gnutls_finalize (GObject *object)
clear_gnutls_certificate_copy (gnutls);
+ if (gnutls->session_ticket_key.data)
+ {
+ gnutls_memset (gnutls->session_ticket_key.data, 0, gnutls->session_ticket_key.size);
+ gnutls_free (gnutls->session_ticket_key.data);
+ }
+
G_OBJECT_CLASS (g_tls_server_connection_gnutls_parent_class)->finalize (object);
}
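Review bot: The wipe-before-free of the ticket key deserves a why-comment, since a reader may take the `gnutls_memset` before `gnutls_free` for redundant work; suggest `/* The ticket key encrypts every session ticket this connection issued; wipe it so the secret does not linger in freed memory. */` above the `if`. Using gnutls_memset rather than plain memset is the right choice here, as it is documented not to be optimized out before the free. The finalize function begins before this hunk.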
@@ -109,12 +117,12 @@ g_tls_server_connection_gnutls_initable_init (GInitable *initable,
GCancellable *cancellable,
GError **error)
{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
+ GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (initable);
GTlsCertificate *cert;
gnutls_session_t session;
+ int ret;
- if (!g_tls_server_connection_gnutls_parent_initable_iface->
- init (initable, cancellable, error))
+ if (!g_tls_server_connection_gnutls_parent_initable_iface->init (initable, cancellable, error))
return FALSE;
session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
@@ -127,6 +135,18 @@ g_tls_server_connection_gnutls_initable_init (GInitable *initable,
return FALSE;
}
+ ret = gnutls_session_ticket_key_generate (&gnutls->session_ticket_key);
+ if (ret != GNUTLS_E_SUCCESS)
+ {
+ g_warning ("Failed to generate session ticket key, session resumption will not work: %s",
gnutls_strerror (ret));
+ }
+ else
+ {
+ ret = gnutls_session_ticket_enable_server (session, &gnutls->session_ticket_key);
+ if (ret != GNUTLS_E_SUCCESS)
+ g_warning ("Failed to enable session tickets, session resumption will not work: %s", gnutls_strerror
(ret));
+ }
+
return TRUE;
}
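Review bot: The ticket key is generated per GTlsServerConnectionGnutls instance inside initable_init, and the field lives in the per-connection struct (first hunk), so every accepted connection gets its own key; a client that presents a ticket on a later connection is checked against a different key and, unless the key is shared somewhere not visible here, resumption cannot succeed across connections. Consider holding the key at a scope shared by all server connections of the same service and rotating it periodically, since a long-lived ticket key weakens forward secrecy for every session resumed under it. The generate-failure branch relies on `session_ticket_key.data` remaining NULL so that finalize does not free an uninitialized pointer; a comment such as `/* On failure the datum is left untouched (zeroed by instance init), so finalize skips it. */` would make that contract explicit — confirm gnutls leaves the datum untouched on error. The function begins before this hunk.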