gnutls-cli: Add option to wait for resumption data

This introduces the --waitresumption command line option which makes the
client to wait for the resumption data until a ticket is received under
TLS1.3.  The client will block if no ticket is received.  The new option
has no effect if the option --resume is not provided.

This is useful to force the client to wait for the resumption data when
the server takes long to send the ticket, allowing the session
resumption to be tested.  This is a common scenario in CI systems where
the testing machines have limited resources.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

diff --git a/src/cli-args.def b/src/cli-args.def
index a8760fab9064327d4f3f4705efe2648161d725f7..56ae77b0779e069c61c5307a0dadad3cb0b38ec4 100644 (file)
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -471,6 +471,12 @@ flag = {
     doc      = "";
 };
 
+flag = {
+    name     = waitresumption;
+    descrip  = "Block waiting for the resumption data under TLS1.3";
+    doc      = "This option makes the client to block waiting for the resumption data under TLS1.3. The option has effect only when --resume is provided.";
+};
+
 doc-section = {
   ds-type   = 'SEE ALSO'; // or anything else
   ds-format = 'texi';      // or texi or mdoc format

diff --git a/src/cli.c b/src/cli.c
index db072b9303afbea9e3abf08b44cf68f9b4448fbb..c3d074f08423a2e30ec29b85156517493907925a 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -78,7 +78,7 @@
 
 /* global stuff here */
 int resume, starttls, insecure, ranges, rehandshake, udp, mtu,
-    inline_commands;
+    inline_commands, waitresumption;
 unsigned int global_vflags = 0;
 char *hostname = NULL;
 char service[32]="";
@@ -992,11 +992,19 @@ static int try_resume(socket_st * hd)
        gnutls_datum_t edata = {NULL, 0};
 
        if (gnutls_session_is_resumed(hd->session) == 0) {
-               /* not resumed - obtain the session data */
-               ret = gnutls_session_get_data2(hd->session, &rdata);
-               if (ret < 0) {
-                       rdata.data = NULL;
-               }
+               do {
+                       /* not resumed - obtain the session data */
+                       ret = gnutls_session_get_data2(hd->session, &rdata);
+                       if (ret < 0) {
+                               rdata.data = NULL;
+                       }
+
+                       if ((gnutls_protocol_get_version(hd->session) != GNUTLS_TLS1_3) ||
+                                       ((gnutls_session_get_flags(hd->session) &
+                                        GNUTLS_SFLAGS_SESSION_TICKET))) {
+                               break;
+                       }
+               } while (waitresumption);
        } else {
                /* resumed - try to reuse the previous session data */
                rdata.data = hd->rdata.data;
@@ -1688,6 +1696,7 @@ static void cmd_parser(int argc, char **argv)
        rehandshake = HAVE_OPT(REHANDSHAKE);
        insecure = HAVE_OPT(INSECURE);
        ranges = HAVE_OPT(RANGES);
+       waitresumption = HAVE_OPT(WAITRESUMPTION);
 
        if (insecure || HAVE_OPT(VERIFY_ALLOW_BROKEN)) {
                global_vflags |= GNUTLS_VERIFY_ALLOW_BROKEN;