From f14ca1873085724e96638e4b60517eccb4cab1bc Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Wed, 5 May 2021 17:08:34 +0200
Subject: [PATCH] dnsdist: Don't let GnuTLS block if a ticket is not available yet..

---
 pdns/tcpiohandler.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index 1125d63ab6..1a7165406f 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -1134,6 +1134,11 @@ public:
 
 std::unique_ptr getSession() const override
 {
+ /* with TLS 1.3, gnutls_session_get_data2() will _wait_ for a ticket is there is none yet.. */
+ if ((gnutls_session_get_flags(d_conn.get()) & GNUTLS_SFLAGS_SESSION_TICKET) == 0) {
+ return nullptr;
+ }
+
 gnutls_datum_t sess{nullptr, 0};
 auto ret = gnutls_session_get_data2(d_conn.get(), &sess);
 if (ret != GNUTLS_E_SUCCESS) {
-- 
2.47.3
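Review bot: The new guard in getSession() runs for every negotiated protocol version, although the comment scopes the blocking behaviour to TLS 1.3; on a TLS 1.2 connection that resumes by session ID the ticket flag is presumably never set, so this path would now return nullptr and drop resumption data that gnutls_session_get_data2() could have returned without waiting. If that is not intended, limit the early return to TLS 1.3, e.g. `if (gnutls_protocol_get_version(d_conn.get()) == GNUTLS_TLS1_3 && (gnutls_session_get_flags(d_conn.get()) & GNUTLS_SFLAGS_SESSION_TICKET) == 0) {`. Callers are outside the hunk, so confirm they treat a null session as "no resumption data" rather than dereferencing it. The comment also has a typo: `for a ticket is there is none yet` should read `for a ticket if there is none yet`. The body of getSession() continues past the end of the hunk.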