gnutls-devel

Re: [PATCH] session ticket support


From: Nikos Mavrogiannopoulos
Subject: Re: [PATCH] session ticket support
Date: Thu, 30 Jul 2009 23:48:43 +0300

On Tue, Jul 28, 2009 at 4:27 AM, Daiki Ueno <address@hidden> wrote:

> When I changed _gnutls_recv_new_session_ticket to generate new session
> ID, it started to work.  I attach the new patch, which includes:
[...]

Hello Daiki,
I have some questions for you.  I was checking the parts that unpack
and pack the session and was wondering whether using
_gnutls_session_pack() would be possible. In that case both
implementations of the DB and session ticket backends will share
common code. What triggered my interest there is that the
RFC suggests some structures that are actually another implementation
of those gnutls functions (and the individual cases such as
psk/certificates are already handled there). Do you think that the RFC
format for packed data would be more suitable, or are there reasons to
use it instead of the internal one?

Another issue I noticed while checking the code is that if the session
ticket doesn't decrypt well or doesn't verify well, an error is
returned... Wouldn't it be more appropriate to just continue, ignoring
the ticket, and perform a full handshake?

all best,
Nikos



