gnutls-devel

Re: [PATCH] session ticket support


From: Daiki Ueno
Subject: Re: [PATCH] session ticket support
Date: Fri, 17 Jul 2009 20:32:08 +0900
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.96 (gnu/linux)

Hi Nikos,

>>>>> In <address@hidden> 
>>>>>   Nikos Mavrogiannopoulos <address@hidden> wrote:
> > The attached is an experimental patch which adds support for RFC5077
> > SessionTicket extension to GnuTLS.  I would appreciate any comment.
> > 
> > Some notes:
> > 
> > - I added gnutls_ext_register2, since the send_params callback of
> >   gnutls_ext_register is not currently able to send empty extension
> >   data.

>  I have modified your patch and gnutls to avoid the need for send_func2.
> (new patch attached).

Thanks for reviewing.  I agree that having a second function just
for sending empty data is too much.

> Some questions I'd like to pose you are:
> - Would you be willing to transfer copyright to FSF for your code?

Sure.

> - Have you checked this implementation against others?

Not yet.  I'll check it against OpenSSL this weekend.

> - It seems gnutls_session_ticket_enable_server() requires some random
> key to be available. Have you thought of a way for this key to be generated?

Though I have no idea how to generate that key, how about an interface
something like:

  gnutls_session_ticket_server_key_t key;

  gnutls_session_ticket_allocate_server_key (&key);
  /* NULL for generating a random key internally. */
  gnutls_session_ticket_set_server_key (key, NULL, -1);

  for (;;)
    {
      sd = accept (listen_sd, ...);
      ...
      /* Generate only IV here. */
      gnutls_session_ticket_enable_server (session, key);
    }

Sorry if I'm missing the subject.

Regards,
-- 
Daiki Ueno



