authorDaiki Ueno <ueno@gnu.org>2020-04-20 06:12:33 +0000
committerDaiki Ueno <ueno@gnu.org>2020-04-20 06:12:33 +0000
commit55611b8fa7f8c18bb94fcb6d3af391b844c97077 (patch)
tree35b0d2fa8c808fa653695e65828c4292df756ec5 /lib
parentad088e83abae914f9a592b27136ce063004a7ff8 (diff)
parentced929668e1657d9c8d557dd48b2661077f41b11 (diff)
Merge branch 'tmp-no-auto-send-ticket' into 'master'
handshake-tls13: add session flag to disable sending session tickets See merge request gnutls/gnutls!1234
Diffstat (limited to 'lib')
-rw-r--r--lib/handshake-tls13.c8
-rw-r--r--lib/includes/gnutls/gnutls.h.in5
2 files changed, 9 insertions, 4 deletions
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 24f5af65c6..ea236c803c 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -510,8 +510,9 @@ int _gnutls13_handshake_server(gnutls_session_t session)
_gnutls_set_resumed_parameters(session);
if (session->internals.hsk_flags & HSK_EARLY_START_USED) {
- ret = _gnutls13_send_session_ticket(session, TLS13_TICKETS_TO_SEND,
- AGAIN(STATE109));
+ if (!(session->internals.flags & GNUTLS_NO_AUTO_SEND_TICKET))
+ ret = _gnutls13_send_session_ticket(session, TLS13_TICKETS_TO_SEND,
+ AGAIN(STATE109));
STATE = STATE109;
IMED_RET("send session ticket", ret, 0);
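Review bot: When GNUTLS_NO_AUTO_SEND_TICKET is set, the early-start branch no longer assigns `ret`, yet `IMED_RET("send session ticket", ret, 0)` still runs on it right after `STATE = STATE109;`. The result then depends on whatever `ret` held from an earlier step, which is not visible in this hunk and may differ when the handshake is re-entered at this state. Making the skip explicit would keep the error check tied to this step, for example by bracing the new `if` and adding `else ret = 0;`. The unbraced `if` followed by a two-line call is also easy to misread next to the unconditional `STATE = STATE109;`. The function body starts and ends outside the hunk.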
@@ -565,7 +566,8 @@ int _gnutls13_handshake_server(gnutls_session_t session)
FALLTHROUGH;
case STATE115:
- if (!(session->internals.hsk_flags & (HSK_TLS13_TICKET_SENT|HSK_EARLY_START_USED))) {
+ if (!(session->internals.hsk_flags & (HSK_TLS13_TICKET_SENT|HSK_EARLY_START_USED)) &&
+ !(session->internals.flags & GNUTLS_NO_AUTO_SEND_TICKET)) {
ret = _gnutls13_send_session_ticket(session, TLS13_TICKETS_TO_SEND,
AGAIN(STATE115));
STATE = STATE115;
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index a6c3c0ef30..517153634a 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -461,6 +461,8 @@ typedef enum {
* @GNUTLS_ENABLE_EARLY_DATA: Under TLS1.3 allow the server to receive early data sent as part of the initial ClientHello (0-RTT).
* This is not enabled by default as early data has weaker security properties than other data. Since 3.6.5.
* @GNUTLS_ENABLE_RAWPK: Allows raw public-keys to be negotiated during the handshake. Since 3.6.6.
+ * @GNUTLS_NO_AUTO_SEND_TICKET: Under TLS1.3 disable auto-sending of
+ * session tickets during the handshake.
*
* Enumeration of different flags for gnutls_init() function. All the flags
* can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
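Review bot: The new `@GNUTLS_NO_AUTO_SEND_TICKET` entry lacks the `Since` marker that the neighbouring flags carry, and it does not say what a server should do instead. With the flag set, the handshake code changed in this commit skips both automatic ticket sends, so a server offers no ticket-based TLS 1.3 resumption unless the application sends tickets itself. The entry should state that and point to the explicit API, e.g. `@GNUTLS_NO_AUTO_SEND_TICKET: Under TLS1.3 do not send session tickets automatically during the handshake; the application is expected to send them with gnutls_session_ticket_send(). Since <release>.` The doc comment starts and ends outside the hunk.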
@@ -491,7 +493,8 @@ typedef enum {
GNUTLS_ENABLE_EARLY_START = (1<<17),
GNUTLS_ENABLE_RAWPK = (1<<18),
GNUTLS_AUTO_REAUTH = (1<<19),
- GNUTLS_ENABLE_EARLY_DATA = (1<<20)
+ GNUTLS_ENABLE_EARLY_DATA = (1<<20),
+ GNUTLS_NO_AUTO_SEND_TICKET = (1<<21)
} gnutls_init_flags_t;
/* compatibility defines (previous versions of gnutls