From 1e5d3081afe1a1b48aa19a093a46b5b1e25e03ad Mon Sep 17 00:00:00 2001
From: =?utf8?q?Petr=20=C5=A0pa=C4=8Dek?=
Date: Thu, 9 Jul 2020 16:51:54 +0200
Subject: [PATCH] tls: enable net.tls_sticket_secret() for session resumption across processes
---
 NEWS | 4 ++++
 daemon/tls_session_ticket-srv.c | 16 ++++++----------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/NEWS b/NEWS
index 35605d72e..91464668a 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ Improvements
 ------------
 - capabilities are no longer constrained when running as root (!1012)
+Bugfixes
+--------
+- tls: fix compilation to support net.tls_sticket_secret() (!1021)
+
 Knot Resolver 5.1.2 (2020-07-01)
 ================================
diff --git a/daemon/tls_session_ticket-srv.c b/daemon/tls_session_ticket-srv.c
index 4335c69e1..ac4fb2e17 100644
--- a/daemon/tls_session_ticket-srv.c
+++ b/daemon/tls_session_ticket-srv.c
@@ -26,11 +26,13 @@
 /** Compile-time support for setting the secret. */
 /* This is not secure with TLS <= 1.2 but TLS 1.3 and secure configuration
- * is not available in GnuTLS yet. See https://gitlab.com/gnutls/gnutls/issues/477
-#ifndef TLS_SESSION_RESUMPTION_SYNC
- #define TLS_SESSION_RESUMPTION_SYNC (GNUTLS_VERSION_NUMBER >= 0x030603)
+ * is not available in GnuTLS yet. See https://gitlab.com/gnutls/gnutls/issues/477 */
+#define TLS_SESSION_RESUMPTION_SYNC (GNUTLS_VERSION_NUMBER >= 0x030603)
+#if TLS_SESSION_RESUMPTION_SYNC
+ #define TST_HASH GNUTLS_DIG_SHA3_512
+#else
+ #define TST_HASH abort()
 #endif
-*/
 #if GNUTLS_VERSION_NUMBER < 0x030400
 /* It's of little use anyway. We may get the secret through lua,
@@ -38,12 +40,6 @@
 #define gnutls_memset memset
 #endif
-#ifdef GNUTLS_DIG_SHA3_512
- #define TST_HASH GNUTLS_DIG_SHA3_512
-#else
- #define TST_HASH abort()
-#endif
-
 /** Fields are internal to tst_key_* functions. */
 typedef struct tls_session_ticket_ctx {
 uv_timer_t timer; /**< timer for rotation of the key */
--
2.47.2
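Review bot: In the `@@ -26,11 +26,13 @@` hunk of daemon/tls_session_ticket-srv.c, the comment kept above `#define TLS_SESSION_RESUMPTION_SYNC` still says "This is not secure with TLS <= 1.2", yet the define now turns the shared-secret path on for every GnuTLS >= 3.6.3 build. A reader cannot tell whether that risk was accepted or whether the version gate is meant to remove it. I would reword the comment to state the residual exposure, for example `/* Enabled for GnuTLS >= 3.6.3; with a secret shared across processes, tickets for TLS <= 1.2 sessions lose forward secrecy if that secret leaks. */`. Whether TLS 1.2 tickets are restricted elsewhere is not visible in this hunk, so confirm the wording against the callers. Dropping the `#ifndef TLS_SESSION_RESUMPTION_SYNC` guard also removes any build-time opt-out; keeping `#ifndef TLS_SESSION_RESUMPTION_SYNC` / `#endif` around the define would let a packager disable the feature with a `-D` flag.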