[glib-networking/mcatanzaro/session-resumption: 19/24] gnutls: remove server support for session ID storage
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/mcatanzaro/session-resumption: 19/24] gnutls: remove server support for session ID storage
- Date: Tue, 29 Oct 2019 19:07:29 +0000 (UTC)
commit 3e65f6c20b7bb1d5d979c91a9c17c3ead129dc25
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Wed Aug 14 10:53:27 2019 -0500
gnutls: remove server support for session ID storage
This doesn't work with TLS 1.3. Let's switch to session tickets instead,
delegating storage to clients.
tls/gnutls/gtlsconnection-gnutls.c | 3 +-
tls/gnutls/gtlsserverconnection-gnutls.c | 78 --------------------------------
2 files changed, 2 insertions(+), 79 deletions(-)
---
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 42faa8a..f4658fe 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -560,7 +560,8 @@ end_gnutls_io (GTlsConnectionGnutls *gnutls,
status = end_gnutls_io (gnutls, direction, ret, err, errmsg); \
} while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN); \
\
- if (status == G_TLS_CONNECTION_BASE_ERROR) \
+ if (status == G_TLS_CONNECTION_BASE_ERROR && \
+ G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)-> failed) \
G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
static void
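Review bot: The new guard at `G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)-> failed) \` puts a space after `->` while the call on the next line uses `->failed`; the two should match, e.g. `G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed) \`. The guard also evaluates the `GET_CLASS` lookup twice on the error path; since this is inside a statement macro that already introduces `status`, a short comment such as `/* failed is optional: the server class no longer sets it */` would explain why the NULL check appeared here, which presumably follows from the `gnutls_class->failed` removal in gtlsserverconnection-gnutls.c. The enclosing macro begins before this hunk, so the surrounding do/while and any local declarations are not visible here.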
diff --git a/tls/gnutls/gtlsserverconnection-gnutls.c b/tls/gnutls/gtlsserverconnection-gnutls.c
index 7d72670..d9a4e29 100644
--- a/tls/gnutls/gtlsserverconnection-gnutls.c
+++ b/tls/gnutls/gtlsserverconnection-gnutls.c
@@ -64,14 +64,6 @@ static int g_tls_server_connection_gnutls_handshake_thread_retrieve_function (gn
unsigned int
*pcert_length,
gnutls_privkey_t
*pkey);
-static int g_tls_server_connection_gnutls_db_store (void *user_data,
- gnutls_datum_t key,
- gnutls_datum_t data);
-static int g_tls_server_connection_gnutls_db_remove (void *user_data,
- gnutls_datum_t key);
-static gnutls_datum_t g_tls_server_connection_gnutls_db_retrieve (void *user_data,
- gnutls_datum_t key);
-
static GInitableIface *g_tls_server_connection_gnutls_parent_initable_iface;
G_DEFINE_TYPE_WITH_CODE (GTlsServerConnectionGnutls, g_tls_server_connection_gnutls,
G_TYPE_TLS_CONNECTION_GNUTLS,
@@ -125,9 +117,6 @@ g_tls_server_connection_gnutls_initable_init (GInitable *initable,
gnutls_certificate_set_retrieve_function2 (creds,
g_tls_server_connection_gnutls_handshake_thread_retrieve_function);
session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
- gnutls_db_set_retrieve_function (session, g_tls_server_connection_gnutls_db_retrieve);
- gnutls_db_set_store_function (session, g_tls_server_connection_gnutls_db_store);
- gnutls_db_set_remove_function (session, g_tls_server_connection_gnutls_db_remove);
/* Currently we don't know ahead of time if a PKCS #11 backed certificate has a private key. */
cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
@@ -204,12 +193,6 @@ g_tls_server_connection_gnutls_handshake_thread_retrieve_function (gnutls_sessio
return 0;
}
-static void
-g_tls_server_connection_gnutls_failed (GTlsConnectionGnutls *gnutls)
-{
- gnutls_db_remove_session (g_tls_connection_gnutls_get_session (gnutls));
-}
-
static void
g_tls_server_connection_gnutls_prepare_handshake (GTlsConnectionBase *tls,
gchar **advertised_protocols)
@@ -238,70 +221,11 @@ g_tls_server_connection_gnutls_prepare_handshake (GTlsConnectionBase *tls,
G_TLS_CONNECTION_BASE_CLASS (g_tls_server_connection_gnutls_parent_class)->prepare_handshake (tls,
advertised_protocols);
}
-/* Session cache management */
-
-static int
-g_tls_server_connection_gnutls_db_store (void *user_data,
- gnutls_datum_t key,
- gnutls_datum_t data)
-{
- GBytes *session_id, *session_data;
-
- session_id = g_bytes_new (key.data, key.size);
- session_data = g_bytes_new (data.data, data.size);
- g_tls_backend_gnutls_store_session (GNUTLS_SERVER, session_id, session_data);
- g_bytes_unref (session_id);
- g_bytes_unref (session_data);
-
- return 0;
-}
-
-static int
-g_tls_server_connection_gnutls_db_remove (void *user_data,
- gnutls_datum_t key)
-{
- GBytes *session_id;
-
- session_id = g_bytes_new (key.data, key.size);
- g_tls_backend_gnutls_remove_session (GNUTLS_SERVER, session_id);
- g_bytes_unref (session_id);
-
- return 0;
-}
-
-static gnutls_datum_t
-g_tls_server_connection_gnutls_db_retrieve (void *user_data,
- gnutls_datum_t key)
-{
- GBytes *session_id, *session_data;
- gnutls_datum_t data;
-
- session_id = g_bytes_new (key.data, key.size);
- session_data = g_tls_backend_gnutls_lookup_session (GNUTLS_SERVER, session_id);
- g_bytes_unref (session_id);
-
- if (session_data)
- {
- data.size = g_bytes_get_size (session_data);
- data.data = gnutls_malloc (data.size);
- memcpy (data.data, g_bytes_get_data (session_data, NULL), data.size);
- g_bytes_unref (session_data);
- }
- else
- {
- data.size = 0;
- data.data = NULL;
- }
-
- return data;
-}
-
static void
g_tls_server_connection_gnutls_class_init (GTlsServerConnectionGnutlsClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
- GTlsConnectionGnutlsClass *gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
gobject_class->finalize = g_tls_server_connection_gnutls_finalize;
gobject_class->get_property = g_tls_server_connection_gnutls_get_property;
@@ -309,8 +233,6 @@ g_tls_server_connection_gnutls_class_init (GTlsServerConnectionGnutlsClass *klas
base_class->prepare_handshake = g_tls_server_connection_gnutls_prepare_handshake;
- gnutls_class->failed = g_tls_server_connection_gnutls_failed;
-
g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode");
}