From f27358ecba654ef931c0a761a540dc9e2d2e67f0 Mon Sep 17 00:00:00 2001
|
|
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
Date: Fri, 20 Mar 2020 16:37:33 +0100
|
|
Subject: [PATCH] gnutls-cli: Add option to wait for resumption data
|
|
|
|
This introduces the --waitresumption command line option which makes the
|
|
client wait for the resumption data until a ticket is received under
|
|
TLS1.3. The client will block if no ticket is received. The new option
|
|
has no effect if the option --resume is not provided.
|
|
|
|
This is useful to force the client to wait for the resumption data when
|
|
the server takes long to send the ticket, allowing the session
|
|
resumption to be tested. This is a common scenario in CI systems where
|
|
the testing machines have limited resources.
|
|
|
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
---
|
|
src/cli-args.def | 6 ++++++
|
|
src/cli.c | 21 +++++++++++++++------
|
|
2 files changed, 21 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/cli-args.def b/src/cli-args.def
|
|
index a8760fab9..56ae77b07 100644
|
|
--- a/src/cli-args.def
|
|
+++ b/src/cli-args.def
|
|
@@ -471,6 +471,12 @@ flag = {
|
|
doc = "";
|
|
};
|
|
|
|
+flag = {
|
|
+ name = waitresumption;
|
|
+ descrip = "Block waiting for the resumption data under TLS1.3";
|
|
+ doc = "This option makes the client to block waiting for the resumption data under TLS1.3. The option has effect only when --resume is provided.";
|
|
+};
|
|
+
|
|
doc-section = {
|
|
ds-type = 'SEE ALSO'; // or anything else
|
|
ds-format = 'texi'; // or texi or mdoc format
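Review bot: The `doc` text for `waitresumption` does not say that the client waits with no upper bound when the server never sends a ticket. The commit message states this, but a user reading the generated manual would not see it. I would reword the line to `doc = "This option makes the client block until the resumption data (session ticket) is received under TLS1.3; if the server never sends a ticket the client waits indefinitely. The option has effect only when --resume is provided.";`, which also fixes the "makes the client to block" phrasing.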
|
|
diff --git a/src/cli.c b/src/cli.c
|
|
index db072b930..c3d074f08 100644
|
|
--- a/src/cli.c
|
|
+++ b/src/cli.c
|
|
@@ -78,7 +78,7 @@
|
|
|
|
/* global stuff here */
|
|
int resume, starttls, insecure, ranges, rehandshake, udp, mtu,
|
|
- inline_commands;
|
|
+ inline_commands, waitresumption;
|
|
unsigned int global_vflags = 0;
|
|
char *hostname = NULL;
|
|
char service[32]="";
|
|
@@ -992,11 +992,19 @@ static int try_resume(socket_st * hd)
|
|
gnutls_datum_t edata = {NULL, 0};
|
|
|
|
if (gnutls_session_is_resumed(hd->session) == 0) {
|
|
- /* not resumed - obtain the session data */
|
|
- ret = gnutls_session_get_data2(hd->session, &rdata);
|
|
- if (ret < 0) {
|
|
- rdata.data = NULL;
|
|
- }
|
|
+ do {
|
|
+ /* not resumed - obtain the session data */
|
|
+ ret = gnutls_session_get_data2(hd->session, &rdata);
|
|
+ if (ret < 0) {
|
|
+ rdata.data = NULL;
|
|
+ }
|
|
+
|
|
+ if ((gnutls_protocol_get_version(hd->session) != GNUTLS_TLS1_3) ||
|
|
+ ((gnutls_session_get_flags(hd->session) &
|
|
+ GNUTLS_SFLAGS_SESSION_TICKET))) {
|
|
+ break;
|
|
+ }
|
|
+ } while (waitresumption);
|
|
} else {
|
|
/* resumed - try to reuse the previous session data */
|
|
rdata.data = hd->rdata.data;
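Review bot: The new `do { … } while (waitresumption)` loop in try_resume() has no exit for a failed call. When `gnutls_session_get_data2()` returns `ret < 0` on a TLS1.3 session without the ticket flag, `rdata.data` is set to NULL and the call is retried, so a persistent error (for instance a connection the peer has closed) would keep the client looping, not just a slow server. Each extra pass also overwrites `rdata` without releasing what the previous pass stored, which looks like a leak if the call hands back allocated data before the ticket arrives. I would leave the loop on a fatal error and free the stale datum before retrying; a bounded retry count or timeout would also keep a CI job from hanging on a server that never issues tickets. try_resume() starts before and continues past this hunk, so the later use of `ret` and `rdata` is not visible here.

```c
		do {
			/* not resumed - obtain the session data */
			ret = gnutls_session_get_data2(hd->session, &rdata);
			if (ret < 0) {
				rdata.data = NULL;
				if (gnutls_error_is_fatal(ret))
					break;	/* retrying cannot succeed */
			}

			/* … unchanged: break when not TLS1.3 or the ticket flag is set … */

			if (waitresumption) {
				/* about to retry: release what this pass stored */
				gnutls_free(rdata.data);
				rdata.data = NULL;
			}
		} while (waitresumption);
```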
|
|
@@ -1688,6 +1696,7 @@ static void cmd_parser(int argc, char **argv)
|
|
rehandshake = HAVE_OPT(REHANDSHAKE);
|
|
insecure = HAVE_OPT(INSECURE);
|
|
ranges = HAVE_OPT(RANGES);
|
|
+ waitresumption = HAVE_OPT(WAITRESUMPTION);
|
|
|
|
if (insecure || HAVE_OPT(VERIFY_ALLOW_BROKEN)) {
|
|
global_vflags |= GNUTLS_VERIFY_ALLOW_BROKEN;
|
|
--
|
|
2.25.4
|
|
|