dnsdist: Fix compilation on older GnuTLS versions

author Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 6 May 2021 09:37:26 +0000 (11:37 +0200)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 26 Aug 2021 14:30:27 +0000 (16:30 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 6 May 2021 09:37:26 +0000 (11:37 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 26 Aug 2021 14:30:27 +0000 (16:30 +0200)
diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc

index 1a7165406fdcc149674b6399bd57beb413a35ba6..3cd85473321e72e1c8015cb98167ff2ed07a85d7 100644 (file)
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -1134,9 +1134,17 @@ public:
  
    std::unique_ptr<TLSSession> getSession() const override
    {
-    /* with TLS 1.3, gnutls_session_get_data2() will _wait_ for a ticket is there is none yet.. */
-    if ((gnutls_session_get_flags(d_conn.get()) & GNUTLS_SFLAGS_SESSION_TICKET) == 0) {
+    if (getTLSVersion() == LibsslTLSVersion::TLS13) {
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+      /* with TLS 1.3, gnutls_session_get_data2() will _wait_ for a ticket is there is none yet.. */
+      if ((gnutls_session_get_flags(d_conn.get()) & GNUTLS_SFLAGS_SESSION_TICKET) == 0) {
+        return nullptr;
+      }
+#else /* GNUTLS_VERSION_NUMBER >= 0x030603 */
+      /* the GNUTLS_SFLAGS_SESSION_TICKET flag does not exist before 3.6.3 (but TLS 1.3 should not either), so we can't be sure we are not
+         going to block, better give up. */
        return nullptr;
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030603 */
      }
  
      gnutls_datum_t sess{nullptr, 0};
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 6 May 2021 09:37:26 +0000 (11:37 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 26 Aug 2021 14:30:27 +0000 (16:30 +0200)