From 1eeb33d5d7ee3fa2996bd866f08508ed6c55e9cc Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 11 Mar 2013 19:49:06 +0100
Subject: [PATCH] enable session tickets.

---
 NEWS | 1 +
 src/tlslib.c | 3 +++
 src/tlslib.h | 1 +
 src/worker-vpn.c | 4 +++-
 4 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 93612dfe..b7b678c8 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@
 - Corrected issue with ocsp-response configuration field.
 - Added ability to specify multiple certificate and key pairs.
+- Added support for TLS session tickets.
 * Version 0.0.2 (released 2013-03-05)
diff --git a/src/tlslib.c b/src/tlslib.c
index 4378f42b..1cc075eb 100644
--- a/src/tlslib.c
+++ b/src/tlslib.c
@@ -507,6 +507,9 @@ const char* perr;
 mslog(s, NULL, LOG_ERR, "error in TLS priority string: %s\n", perr);
 GNUTLS_FATAL_ERR(ret);
+ ret = gnutls_session_ticket_key_generate(&s->creds.ticket_key);
+ GNUTLS_FATAL_ERR(ret);
+
 if (s->config->ocsp_response != NULL) {
 ret = gnutls_certificate_set_ocsp_status_request_file(s->creds.xcred, s->config->ocsp_response, 0);
diff --git a/src/tlslib.h b/src/tlslib.h
index 778afa68..998a8be4 100644
--- a/src/tlslib.h
+++ b/src/tlslib.h
@@ -57,6 +57,7 @@ struct tls_st {
 gnutls_certificate_credentials_t xcred;
 gnutls_priority_t cprio;
 gnutls_dh_params_t dh_params;
+ gnutls_datum_t ticket_key;
 char pin[MAX_PIN_SIZE];
 char srk_pin[MAX_PIN_SIZE];
 };
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index 3d20f48d..7f45270a 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -403,7 +403,7 @@ gnutls_datum_t sid = { ws->session_id, sizeof(ws->session_id) };
 oclog(ws, LOG_ERR, "could not initialize TLS session: %s", gnutls_strerror(ret));
 return -1;
 }
-
+
 ret = gnutls_priority_set_direct(session, GNUTLS_CIPHERSUITE, NULL);
 if (ret < 0) {
 oclog(ws, LOG_ERR, "could not set TLS priority: %s", gnutls_strerror(ret));
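Review bot: The key produced by `gnutls_session_ticket_key_generate(&s->creds.ticket_key)` is generated once in this hunk and nothing visible rotates it or scrubs it afterwards, so a single long-lived secret ends up protecting every ticket the server ever issues; anyone who later recovers that key from process memory or a core dump can decrypt recorded ticket-resumed sessions, undoing the forward secrecy that ephemeral key exchange otherwise provides. Consider regenerating the key on a fixed interval (the hunk shows no timer, so this presumably needs new plumbing) and, wherever the credentials are torn down, zeroing the buffer before releasing it with `gnutls_free(s->creds.ticket_key.data)`. The enclosing function starts and ends outside this hunk, so I cannot see whether a teardown path exists that should pick up the new field. A short comment above the call, e.g. `/* key that encrypts/authenticates TLS session tickets; long-lived, so rotate and wipe it */`, would flag the trade-off for the next maintainer.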
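Review bot: The new `ticket_key` member is the one field in `struct tls_st` that holds raw key material rather than a gnutls handle or a PIN string, yet it carries no comment on what it is or who owns the buffer. I'd add `/* TLS session ticket key filled by gnutls_session_ticket_key_generate(); secret — wipe and gnutls_free() data with the credentials */` above the line. The struct definition begins outside this hunk.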
@@ -500,6 +500,8 @@ void vpn_server(struct worker_st* ws) ret = gnutls_init(&session, GNUTLS_SERVER); GNUTLS_FATAL_ERR(ret); + gnutls_session_ticket_enable_server(session, &ws->creds->ticket_key); + ret = gnutls_priority_set(session, ws->creds->cprio); GNUTLS_FATAL_ERR(ret);
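Review bot: The result of `gnutls_session_ticket_enable_server(session, &ws->creds->ticket_key)` is discarded, while every neighbouring gnutls call in this hunk is followed by `GNUTLS_FATAL_ERR(ret)`; if the call rejects the key (it returns a negative error code on failure), the worker would silently continue without tickets and the inconsistency makes the omission look intentional. Change it to `ret = gnutls_session_ticket_enable_server(session, &ws->creds->ticket_key);` followed by `GNUTLS_FATAL_ERR(ret);` to match the surrounding style. Note also that a ticket-resumed handshake skips the full authentication exchange, so any client-certificate or other per-connection checks that sit on the full-handshake path must still be reached for resumed sessions; `vpn_server` continues outside this hunk, so I cannot confirm that from here.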