Changeset 641d11b in mod_gnutls for src/gnutls_proxy.c


Timestamp:
Jun 5, 2020, 2:18:27 PM (13 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master
Children:
e6d9e47
Parents:
2b1b52f
Message:

Delete session tickets for proxy connections when using them

Tickets should not be reused because an attacker could correlate
connections using the same ticket. Cache deletion code has been
extracted from socache_delete_session() into a generic function.

File:
1 edited

  • src/gnutls_proxy.c

    r2b1b52f r641d11b  
    427427    }
    428428
    429     // TODO: delete the cache entry
     429    /* Best effort attempt to avoid ticket reuse. Unfortunately
     430     * another thread or process could update (or remove) the cache in
     431     * between, but that can't be avoided without forcing use of a
     432     * global mutex even with a multiprocess-safe socache provider. */
     433    mgs_cache_delete(ctxt->sc->cache, ctxt->c->base_server,
     434                     ctxt->proxy_ticket_key, ctxt->c->pool);
    430435
    431436    int ret = gnutls_session_set_data(ctxt->session, data.data, data.size);
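
Review bot: the call to mgs_cache_delete() at new lines 433-434 discards any result, so a failed delete leaves the ticket in the cache for reuse with no trace; if the function returns a status, check it and log failures at debug level. The comment already names the race between fetching and deleting the entry as unavoidable without a global mutex, which is reasonable for a best-effort approach, but it should also say outright that two proxy connections can still resume with the same ticket in that window, so a reader does not take the delete as a guarantee against the correlation the commit message describes. Note also that the delete runs before gnutls_session_set_data(), so the ticket is consumed even when setting the session data fails; if that is intended as strict single use, a short remark in the comment would make it explicit.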