dnsdist: Don't let GnuTLS block if a ticket is not available yet..
authorRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 5 May 2021 15:08:34 +0000 (17:08 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Thu, 26 Aug 2021 14:30:27 +0000 (16:30 +0200)
pdns/tcpiohandler.cc

index 1125d63ab63587f27b4e27c7a371aa52f7b207e5..1a7165406fdcc149674b6399bd57beb413a35ba6 100644 (file)
@@ -1134,6 +1134,11 @@ public:
 
   std::unique_ptr<TLSSession> getSession() const override
   {
+    /* with TLS 1.3, gnutls_session_get_data2() will _wait_ for a ticket is there is none yet.. */
+    if ((gnutls_session_get_flags(d_conn.get()) & GNUTLS_SFLAGS_SESSION_TICKET) == 0) {
+      return nullptr;
+    }
+
     gnutls_datum_t sess{nullptr, 0};
     auto ret = gnutls_session_get_data2(d_conn.get(), &sess);
     if (ret != GNUTLS_E_SUCCESS) {
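Review bot: The new guard at the top of `getSession()` runs for every connection, although its comment justifies it only for TLS 1.3. If the flag is set only once a ticket has actually been received, a TLS 1.2 connection whose server offers session-ID resumption without tickets would now always return `nullptr` and its session would no longer be saved; this should be confirmed against the GnuTLS documentation. One way to limit the effect is to test the protocol first, e.g. `if (gnutls_protocol_get_version(d_conn.get()) == GNUTLS_TLS1_3 && (gnutls_session_get_flags(d_conn.get()) & GNUTLS_SFLAGS_SESSION_TICKET) == 0) {`. The early return also makes `nullptr` an ordinary result rather than an error, so a short comment on the method saying "returns nullptr when no ticket has been received yet; callers must retry later or skip caching" would help the callers, which are not visible in this hunk. The added comment has a typo ("is there is none" should read "if there is none"), and the function body continues past the end of the hunk.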