Changeset cebb74a in mod_gnutls

Timestamp:

Sep 16, 2017, 5:12:54 PM (2 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

debian/master, debian/stretch-backports, master, upstream

Children:

017ef2d

Parents:

e389b85

Message:

Remove broken SNI/session resumption workaround

By specification, the server name should be available to the post
client hello function, which uses it to select the virtual host. The
deleted "workaround" doesn't actually help if GnuTLS does not parse
the Server Name Indication extension correctly. As of this writing
there is a bug in GnuTLS that prevents SNI during resumption from
cache, while session tickets work (use "GnuTLSSessionTickets On").

File:

• src/gnutls_io.c (modified) (1 diff)

src/gnutls_io.c

@@ -446 +446 @@
         /* all done with the handshake */
         ctxt->status = 1;
-        /* If the session was resumed, we did not set the correct
-         * server_rec in ctxt->sc.  Go Find it. (ick!)
-         */
-        if (gnutls_session_is_resumed(ctxt->session)) {
-            mgs_srvconf_rec *sc;
-            sc = mgs_find_sni_server(ctxt->session);
-            if (sc) {
-                ctxt->sc = sc;
-            }
+        if (gnutls_session_is_resumed(ctxt->session))
+        {
+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
+                          "%s: TLS session resumed.", __func__);
         }
         return GNUTLS_E_SUCCESS;