mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
0fd7b13ebc
tls_tstream can't properly handle 'New Session Ticket' messages sent 'after' the client sends the 'Finished' message. This is needed because some servers (at least elasticsearch) wait till they get the 'Finished' message from the client before sending the "New Ticket" message. Without this patch what typically happens is when the application code sends data it then tries to read the response, but, instead of the response to the request it actually receives the "New Session Ticket" instead. The "New Session Ticket" message gets processed by the upper layer logic e.g. tstream_tls_readv_send -> tstream_tls_readv_crypt_next -> tstream_tls_retry_read -> gnutls_record_recv instead of the core gnutls routines. This results in the response processing failing due to the currently 'unexpected' New Ticket message. In order to avoid this scenario we can ensure the client doesn't negotiate resumption with session tickets. Signed-off-by: Noel Power <noel.power@suse.com> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Nov 16 09:58:45 UTC 2022 on sn-devel-184 |
||
---|---|---|
.. | ||
tls_tstream.c | ||
tls.h | ||
tlscert.c | ||
wscript_build |