[glib-networking/mcatanzaro/copy-session-state] gnutls: bring back copy_session_state() support for TLS 1.2
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/mcatanzaro/copy-session-state] gnutls: bring back copy_session_state() support for TLS 1.2
- Date: Sun, 2 Feb 2020 01:02:32 +0000 (UTC)
commit c287389d3f27fddc52adb9fd80f0ea2943db5ca0
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Sat Feb 1 18:59:12 2020 -0600
gnutls: bring back copy_session_state() support for TLS 1.2
This should probably avoid breaking GVfs's FTPS support.
tls/gnutls/gtlsclientconnection-gnutls.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
---
diff --git a/tls/gnutls/gtlsclientconnection-gnutls.c b/tls/gnutls/gtlsclientconnection-gnutls.c
index 734ad75..39b061a 100644
--- a/tls/gnutls/gtlsclientconnection-gnutls.c
+++ b/tls/gnutls/gtlsclientconnection-gnutls.c
@@ -495,6 +495,8 @@ g_tls_client_connection_gnutls_complete_handshake (GTlsConnectionBase *tls,
GError **error)
{
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (tls);
+ gnutls_session_t session;
+ gnutls_protocol_t version;
G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_gnutls_parent_class)->complete_handshake (tls,
negotiated_protocol, error);
@@ -503,6 +505,32 @@ g_tls_client_connection_gnutls_complete_handshake (GTlsConnectionBase *tls,
*/
if (gnutls->accepted_cas_changed)
g_object_notify (G_OBJECT (gnutls), "accepted-cas");
+
+ /* If we're not using TLS 1.3, store the session ticket here. We
+ * don't normally perform session resumption in TLS 1.2, but we still
+ * support it if the application calls copy_session_state() (which
+ * doesn't exist for DTLS, so do this for TLS only).
+ *
+ * Note to distant future: remove this when dropping TLS 1.2 support.
+ */
+ session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (tls));
+ version = gnutls_protocol_get_version (session);
+ if (version <= GNUTLS_TLS1_2 && !g_tls_connection_base_is_dtls (tls))
+ {
+ gnutls_datum_t session_datum;
+
+ g_tls_client_connection_gnutls_clear_session_data (G_TLS_CLIENT_CONNECTION_GNUTLS (tls));
+
+ if (gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (tls)),
+ &session_datum) == 0)
+ {
+ g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+ gnutls->session_data = g_bytes_new_with_free_func (session_datum.data,
+ session_datum.size,
+ (GDestroyNotify)gnutls_free,
+ session_datum.data);
+ }
+ }
}
static void
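Review bot: The new block after the `accepted-cas` notify runs whether or not the handshake succeeded: nothing visible in this hunk consults `error`, which the parent `complete_handshake` call may have set (the function's opening lines are outside this hunk). If this function can be reached after a failed handshake, `gnutls_protocol_get_version()` may have no negotiated version to report, and if the `version <= GNUTLS_TLS1_2` comparison still passes, the block clears the previously stored session data and may store state from a session that never completed. Consider gating it on success, for example `if ((error == NULL || *error == NULL) && version <= GNUTLS_TLS1_2 && !g_tls_connection_base_is_dtls (tls))`, or passing an explicit success flag into this vfunc if callers may hand in a NULL `error`. The `gnutls_session_get_data2()` call can also reuse the `session` local instead of looking the session up again, and compare against `GNUTLS_E_SUCCESS` rather than `0`. The blob kept in `gnutls->session_data` is TLS 1.2 resumption state, so a short comment saying it is secret material and must not be logged would help later readers.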