From 7d369a4611014ac346319565dba7d09c1f9ff85a Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 6 May 2021 11:37:26 +0200
Subject: [PATCH] dnsdist: Fix compilation on older GnuTLS versions

---
 pdns/tcpiohandler.cc | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index 1a7165406f..3cd8547332 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -1134,9 +1134,17 @@ public:
 
   std::unique_ptr<TLSSession> getSession() const override
   {
-    /* with TLS 1.3, gnutls_session_get_data2() will _wait_ for a ticket is there is none yet.. */
-    if ((gnutls_session_get_flags(d_conn.get()) & GNUTLS_SFLAGS_SESSION_TICKET) == 0) {
+    if (getTLSVersion() == LibsslTLSVersion::TLS13) {
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+      /* with TLS 1.3, gnutls_session_get_data2() will _wait_ for a ticket is there is none yet.. */
+      if ((gnutls_session_get_flags(d_conn.get()) & GNUTLS_SFLAGS_SESSION_TICKET) == 0) {
+        return nullptr;
+      }
+#else /* GNUTLS_VERSION_NUMBER >= 0x030603 */
+      /* the GNUTLS_SFLAGS_SESSION_TICKET flag does not exist before 3.6.3 (but TLS 1.3 should not either), so we can't be sure we are not
+         going to block, better give up. */
       return nullptr;
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030603 */
     }
 
     gnutls_datum_t sess{nullptr, 0};
-- 
2.47.3