From 10b9aa70912c940106b28a982ca5facd0b25053b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Fri, 29 Jun 2018 11:34:12 +0200
Subject: [PATCH] TLS session resumption: disable on gnutls < 3.5
---
 NEWS | 1 +
 daemon/tls_session_ticket-srv.c | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/NEWS b/NEWS
index d68bfae7e..fbbabeff8 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ Security
 New features
 ------------
 - TLS session resumption (RFC 5077), both server and client (!585, #105)
+ (disabled when compiling with gnutls < 3.5)
 - aggressive caching for NSEC3 zones
 - optional protection from DNS Rebinding attack (module rebinding)
diff --git a/daemon/tls_session_ticket-srv.c b/daemon/tls_session_ticket-srv.c
index 11a7e3196..9c7acbb18 100644
--- a/daemon/tls_session_ticket-srv.c
+++ b/daemon/tls_session_ticket-srv.c
@@ -240,6 +240,10 @@ tst_ctx_t * tls_session_ticket_ctx_create(uv_loop_t *loop, const char *secret,
 size_t secret_len)
 {
 assert(loop && (!secret_len || secret));
+ #if GNUTLS_VERSION_NUMBER < 0x030500
+ /* We would need different SESSION_KEY_SIZE; avoid assert. */
+ return NULL;
+ #endif
 tst_ctx_t *ctx = tst_key_create(secret, secret_len, loop);
 if (ctx) {
 tst_key_check(&ctx->timer, true);
--
2.47.3
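Review bot: On gnutls < 3.5 the added `return NULL;` in tls_session_ticket_ctx_create() makes NULL mean both "creation failed" and "session tickets are not supported by this build", and nothing in the hunk tells the caller or the operator which of the two happened. The callers are outside this hunk, so it is worth confirming that each one treats NULL as "no session tickets" rather than as a fatal error or a pointer it may dereference, in particular where a ticket secret was explicitly configured and is now silently ignored. I would state this on the function, e.g. `/* Returns NULL on failure, and always when built with gnutls < 3.5 (tickets unsupported). */`, and consider a one-time log line on that path so a disabled resumption is visible in operation. Placing the remainder of the body under `#else` would also keep old-gnutls builds from compiling unreachable code after the return; the function body continues past the end of the hunk.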