author | Petr Špaček <petr.spacek@nic.cz> | 2020-07-09 16:51:54 +0200 |
---|---|---|
committer | Tomas Krizek <tomas.krizek@nic.cz> | 2020-07-10 14:18:37 +0200 |
commit | 1e5d3081afe1a1b48aa19a093a46b5b1e25e03ad (patch) | |
tree | 50559d221394a13687b07f21c71e5ca9eb7e697f /daemon/tls_session_ticket-srv.c | |
parent | Merge branch 'gitlab-move' into 'master' (diff) | |
tls: enable net.tls_sticket_secret() for session resumption across processes
Diffstat (limited to 'daemon/tls_session_ticket-srv.c')
-rw-r--r-- | daemon/tls_session_ticket-srv.c | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/daemon/tls_session_ticket-srv.c b/daemon/tls_session_ticket-srv.c
index 4335c69e..ac4fb2e1 100644
--- a/daemon/tls_session_ticket-srv.c
+++ b/daemon/tls_session_ticket-srv.c
@@ -26,11 +26,13 @@
 /** Compile-time support for setting the secret. */
 /* This is not secure with TLS <= 1.2 but TLS 1.3 and secure configuration
- * is not available in GnuTLS yet. See https://gitlab.com/gnutls/gnutls/issues/477
-#ifndef TLS_SESSION_RESUMPTION_SYNC
- #define TLS_SESSION_RESUMPTION_SYNC (GNUTLS_VERSION_NUMBER >= 0x030603)
+ * is not available in GnuTLS yet. See https://gitlab.com/gnutls/gnutls/issues/477 */
+#define TLS_SESSION_RESUMPTION_SYNC (GNUTLS_VERSION_NUMBER >= 0x030603)
+#if TLS_SESSION_RESUMPTION_SYNC
+ #define TST_HASH GNUTLS_DIG_SHA3_512
+#else
+ #define TST_HASH abort()
 #endif
-*/
 #if GNUTLS_VERSION_NUMBER < 0x030400
 /* It's of little use anyway. We may get the secret through lua,
@@ -38,12 +40,6 @@
 #define gnutls_memset memset
 #endif
-#ifdef GNUTLS_DIG_SHA3_512
- #define TST_HASH GNUTLS_DIG_SHA3_512
-#else
- #define TST_HASH abort()
-#endif
-
 /** Fields are internal to tst_key_* functions. */
 typedef struct tls_session_ticket_ctx {
 uv_timer_t timer; /**< timer for rotation of the key */ |
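Review bot: The comment kept above the new `#define TLS_SESSION_RESUMPTION_SYNC` still says the feature is not secure with TLS <= 1.2 and that a secure configuration "is not available in GnuTLS yet", while the define now switches it on for every GnuTLS >= 3.6.3, so a reader cannot tell whether that risk was accepted or overlooked. With TLS 1.2 tickets, whoever holds the shared ticket secret can generally decrypt recorded sessions that used those tickets, so I would state the trade-off here, e.g. `/* Enabled despite the TLS <= 1.2 weakness (gnutls issue 477): treat the secret given to net.tls_sticket_secret() like a private key and rotate it. */`. The old commented-out block wrapped the define in `#ifndef TLS_SESSION_RESUMPTION_SYNC`, which the new unconditional define drops; keeping that guard would let a build-time `-D` override it instead of causing a redefinition. In the `#else` branch `TST_HASH` still expands to `abort()`; its users are outside the hunk and are presumably compiled out when the macro is 0, which is worth confirming.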