• Martin Pitt's avatar
    gnutls: Fix using different client certs for different connections · 8da92fd6
    Martin Pitt authored
    Up to now, a GTlsClientConnectionGnutls' session ID was built only from
    the address and port. This led to overly aggressive caching of the TLS
    session data and ignored the set client certificate of any subsequent
    connection to the same server/port.
    
    Move computation of the session ID from _constructed() to
    _begin_handshake() when we actually need it; at that point we have the
    client certificate already set. Append the certificate's hash to the
    session ID to disambiguate connections with different client
    certificates while still retaining the caching for multiple connections
    with the same cert.
    
    Add a second client certificate with a different modulus to the test
    files and expand the connection /tls/connection/client-auth* tests to
    cover this case.
    
    Also extend /tls/connection/client-auth-failure to do a connection with
    a good certificate after a failed attempt without a cert, to ensure that
    our session caching doesn't attempt to re-use the failed session for
    that.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=781578
    8da92fd6
Name
Last commit
Last update
m4 Loading commit data...
po Loading commit data...
proxy Loading commit data...
tls Loading commit data...
.gitignore Loading commit data...
AUTHORS Loading commit data...
COPYING Loading commit data...
ChangeLog Loading commit data...
LICENSE_EXCEPTION Loading commit data...
Makefile.am Loading commit data...
NEWS Loading commit data...
README Loading commit data...
autogen.sh Loading commit data...
configure.ac Loading commit data...
glib-networking.doap Loading commit data...
glib-networking.mk Loading commit data...
glib.mk Loading commit data...
tap-driver.sh Loading commit data...
tap-test Loading commit data...