enable session tickets.

Nikos Mavrogiannopoulos
2013-03-11 19:49:06 +01:00
parent 979729e8a3
commit 1eeb33d5d7
4 changed files with 8 additions and 1 deletions

NEWS

@@ -2,6 +2,7 @@
- Corrected issue with ocsp-response configuration field. - Corrected issue with ocsp-response configuration field.
- Added ability to specify multiple certificate and key pairs. - Added ability to specify multiple certificate and key pairs.
- Added support for TLS session tickets.
* Version 0.0.2 (released 2013-03-05) * Version 0.0.2 (released 2013-03-05)


@@ -507,6 +507,9 @@ const char* perr;
mslog(s, NULL, LOG_ERR, "error in TLS priority string: %s\n", perr); mslog(s, NULL, LOG_ERR, "error in TLS priority string: %s\n", perr);
GNUTLS_FATAL_ERR(ret); GNUTLS_FATAL_ERR(ret);
ret = gnutls_session_ticket_key_generate(&s->creds.ticket_key);
GNUTLS_FATAL_ERR(ret);
if (s->config->ocsp_response != NULL) { if (s->config->ocsp_response != NULL) {
ret = gnutls_certificate_set_ocsp_status_request_file(s->creds.xcred, ret = gnutls_certificate_set_ocsp_status_request_file(s->creds.xcred,
s->config->ocsp_response, 0); s->config->ocsp_response, 0);
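Review bot: The ticket key generated by the added `gnutls_session_ticket_key_generate()` call is created once at server start and, as far as this hunk shows, is never rotated or wiped, so a later compromise of the process memory that holds `s->creds.ticket_key` would let an attacker decrypt every ticket issued with it and recover the keys of those resumed sessions, losing forward secrecy for resumption. Consider stating that lifetime next to the call, `/* session-ticket key: generated once per server start, inherited by workers, never rotated */`, and zeroising `ticket_key.data` before it is released on shutdown. The enclosing function starts and ends outside the hunk.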


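--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -57,6 +57,7 @@ struct tls_st {
 gnutls_certificate_credentials_t xcred;
 gnutls_priority_t cprio;
 gnutls_dh_params_t dh_params;
+gnutls_datum_t ticket_key;
 char pin[MAX_PIN_SIZE];
 char srk_pin[MAX_PIN_SIZE];
 };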
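Review bot: The new `ticket_key` member holds secret key material but carries no comment saying so, nor who owns the buffer the datum points to (presumably allocated by `gnutls_session_ticket_key_generate()` and released with the matching gnutls deallocator; worth confirming against the GnuTLS docs for the version in use). A one-line comment would stop a maintainer treating it like the fixed-size pin buffers below it: `gnutls_datum_t ticket_key; /* secret key encrypting TLS session tickets; set by gnutls_session_ticket_key_generate() */`. The struct declaration starts outside the hunk.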


@@ -403,7 +403,7 @@ gnutls_datum_t sid = { ws->session_id, sizeof(ws->session_id) };
oclog(ws, LOG_ERR, "could not initialize TLS session: %s", gnutls_strerror(ret)); oclog(ws, LOG_ERR, "could not initialize TLS session: %s", gnutls_strerror(ret));
return -1; return -1;
} }
ret = gnutls_priority_set_direct(session, GNUTLS_CIPHERSUITE, NULL); ret = gnutls_priority_set_direct(session, GNUTLS_CIPHERSUITE, NULL);
if (ret < 0) { if (ret < 0) {
oclog(ws, LOG_ERR, "could not set TLS priority: %s", gnutls_strerror(ret)); oclog(ws, LOG_ERR, "could not set TLS priority: %s", gnutls_strerror(ret));
@@ -500,6 +500,8 @@ void vpn_server(struct worker_st* ws)
ret = gnutls_init(&session, GNUTLS_SERVER); ret = gnutls_init(&session, GNUTLS_SERVER);
GNUTLS_FATAL_ERR(ret); GNUTLS_FATAL_ERR(ret);
gnutls_session_ticket_enable_server(session, &ws->creds->ticket_key);
ret = gnutls_priority_set(session, ws->creds->cprio); ret = gnutls_priority_set(session, ws->creds->cprio);
GNUTLS_FATAL_ERR(ret); GNUTLS_FATAL_ERR(ret);
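Review bot: The return value of `gnutls_session_ticket_enable_server()` on the added line is discarded, while every other gnutls call in this hunk is routed through `GNUTLS_FATAL_ERR(ret)`; if enabling tickets fails the worker would silently carry on without them and the failure would never be logged. Check it like its neighbours: `ret = gnutls_session_ticket_enable_server(session, &ws->creds->ticket_key);` followed by `GNUTLS_FATAL_ERR(ret);`. The first hunk in this file shows only context lines, so its actual change is not visible here. `vpn_server()` starts and ends outside the hunk.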