From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Wed, 5 May 2021 15:08:34 +0000 (+0200)
Subject: dnsdist: Don't let GnuTLS block if a ticket is not available yet..
X-Git-Tag: dnsdist-1.7.0-alpha1~45^2~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f14ca1873085724e96638e4b60517eccb4cab1bc;p=thirdparty%2Fpdns.git

dnsdist: Don't let GnuTLS block if a ticket is not available yet..
---

diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index 1125d63ab6..1a7165406f 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -1134,6 +1134,11 @@ public:
 
   std::unique_ptr<TLSSession> getSession() const override
   {
+    /* with TLS 1.3, gnutls_session_get_data2() will _wait_ for a ticket is there is none yet.. */
+    if ((gnutls_session_get_flags(d_conn.get()) & GNUTLS_SFLAGS_SESSION_TICKET) == 0) {
+      return nullptr;
+    }
+
     gnutls_datum_t sess{nullptr, 0};
     auto ret = gnutls_session_get_data2(d_conn.get(), &sess);
     if (ret != GNUTLS_E_SUCCESS) {