Changeset cebb74a in mod_gnutls


Ignore:
Timestamp:
Sep 16, 2017, 5:12:54 PM (3 months ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
master
Children:
017ef2d
Parents:
e389b85
Message:

Remove broken SNI/session resumption workaround

By specification, the server name should be available to the post
client hello function, which uses it to select the virtual host. The
deleted "workaround" doesn't actually help if GnuTLS does not parse
the Server Name Indication extension correctly. As of this writing
there is a bug in GnuTLS that prevents SNI during resumption from
cache, while session tickets work (use "GnuTLSSessionTickets On").

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_io.c

    r08b821a rcebb74a  
    446446        /* all done with the handshake */
    447447        ctxt->status = 1;
    448         /* If the session was resumed, we did not set the correct
    449          * server_rec in ctxt->sc.  Go Find it. (ick!)
    450          */
    451         if (gnutls_session_is_resumed(ctxt->session)) {
    452             mgs_srvconf_rec *sc;
    453             sc = mgs_find_sni_server(ctxt->session);
    454             if (sc) {
    455                 ctxt->sc = sc;
    456             }
     448        if (gnutls_session_is_resumed(ctxt->session))
     449        {
     450            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
     451                          "%s: TLS session resumed.", __func__);
    457452        }
    458453        return GNUTLS_E_SUCCESS;
Note: See TracChangeset for help on using the changeset viewer.