www.infradead.org Git - users/dwmw2/openconnect.git/commit

author	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Sat, 6 Oct 2018 05:44:12 +0000 (07:44 +0200)
committer	David Woodhouse <dwmw2@infradead.org>
	Sat, 13 Oct 2018 12:53:24 +0000 (05:53 -0700)
commit	0787d693f7d43b0345b10dd1540c832f0cd353b4
tree	357771ee1280fb7dca486b3122c53432f512fdeb	tree
parent	7a0ca97e8b655676f7414abcabcdc1ce7a1d7239	commit \| diff

Use the client hello session identifier to transmit the client identifier

Currently the openconnect (protocol) client uses a custom extension to provide
information to the server on which session it was previously associated with.
However, a private extension cannot be defined in IETF without going through
a tedious standardization process involving the TLS working group. To avoid
that process we should provide the client identifier on the DTLS session using
alternative methods.

In TLS 1.3 (and DTLS) the session ID field was made obsolete, and as such we can
use it to place the client identifier instead of an extension field. We can do it
safely because (1) there is no session resumption -in the dtls1.2 or earlier sense-
and (2) ocserv is already checking this field for that value due to the old protocol
format.

Resolves #5

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

gnutls-dtls.c		diff \| blob \| history
openconnect-internal.h		diff \| blob \| history
openssl-dtls.c		diff \| blob \| history