blob: 4816534fa35324e291f8538e73438f43d5534493 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
@deftypefun {int} {gnutls_session_get_data2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{data})
@var{session}: is a @code{gnutls_session_t} type.
@var{data}: is a pointer to a datum that will hold the session.
Returns necessary parameters to support resumption. The client
should call this function and store the returned session data. A session
can be resumed later by calling @code{gnutls_session_set_data()} with the returned
data. Note that under TLS 1.3, it is recommended for clients to use
session parameters only once, to prevent passive-observers from correlating
the different connections.
The returned @code{data} are allocated and must be released using @code{gnutls_free()} .
This function will fail if called prior to handshake completion. In
case of false start TLS, the handshake completes only after data have
been successfully received from the peer.
Under TLS1.3 session resumption is possible only after a session ticket
is received by the client. To ensure that such a ticket has been received use
@code{gnutls_session_get_flags()} and check for flag @code{GNUTLS_SFLAGS_SESSION_TICKET} ;
if this flag is not set, this function will wait for a new ticket within
an estimated roundtrip, and if not received will return dummy data which
cannot lead to resumption.
To get notified when new tickets are received by the server
use @code{gnutls_handshake_set_hook_function()} to wait for @code{GNUTLS_HANDSHAKE_NEW_SESSION_TICKET}
messages. Each call of @code{gnutls_session_get_data2()} after a ticket is
received, will return session resumption data corresponding to the last
received ticket.
Note that this function under TLS1.3 requires a callback to be set with
@code{gnutls_transport_set_pull_timeout_function()} for successful operation. There
was a bug before 3.6.10 which could make this function fail if that callback
was not set. On later versions if not set, the function will return a successful
error code, but will return dummy data that cannot lead to a resumption.
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
an error code is returned.
@end deftypefun
|