[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] session ticket support
|
From: |
Daiki Ueno |
|
Subject: |
Re: [PATCH] session ticket support |
|
Date: |
Tue, 04 Aug 2009 03:19:21 +0900 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) |
>>>>> In <address@hidden>
>>>>> Nikos Mavrogiannopoulos <address@hidden> wrote:
> > When I changed _gnutls_recv_new_session_ticket to generate new session
> > ID, it started to work. I attach the new patch, which includes:
> I have some questions for you. I was checking the parts that unpack
> and pack the session and was wondering whether using the
> _gnutls_session_pack() would be possible. In that case both
> implementations of the DB and session ticket backends will share
> common code.
I chose the RFC format just because the patch was initially for
experimental purpose. Using _gnutls_session_pack() would be definitely
better.
I've just tried to make use of the internal format, the code became much
simpler (which reduced ~100 lines). Thanks for the suggestion.
> Another issue I noticed while checking the code is that if the session
> ticket doesn't decrypt well or doesn't verify well, an error is
> returned... Wouldn't it be more appropriate to just continue ignoring
> the ticket and perform a full handshake?
Absolutely. I'll post a new patch shortly, with other polishments
(adding interface docs, etc.).
Regards,
--
Daiki Ueno
- Re: [PATCH] session ticket support,
Daiki Ueno <=