Hiya,

Attached is a patch <http://people.apache.org/~pquerna/tls_session_ticket_support.patch> to add support for setting SSL_CTX_set_tlsext_ticket_keys.

I have two questions:

1) What is the right ifdef to look for support of this feature? I was just using ifdef SSL_CTX_set_tlsext_ticket_keys and it seemed to work for me......

2) What is the right way to set/generate the keys -- openssl requires that the key is 48 bytes exactly. (16 bytes for tlsext_tick_key_nametlsext_tick_hmac_key (unused?), 16 for hmac of session, 16 for aes key). Right now I take the user provided key value and use it as an HMAC key with the SHA1(Certificate) for that vhost as the SHA256 HMAC'ed value. I don't know what is best. I just made this shit up, but I couldn't find any examples of SSL_CTX_set_tlsext_ticket_keys being used, so any suggestions would be helpful.

The other option is to require the user to provide 48 bytes of random data (base64'ed?) rather than trying to be nice by generating it from ascii for them.

Happy to fix/iterate or just commit to trunk,

Thanks,

Paul
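The two key-handling options raised in the message, sketched in Python as an added example (not code from the patch or from httpd): a strict loader for 48 base64-encoded random bytes, and a derivation from a user secret bound to the vhost certificate. Assumptions: the names `TicketKeys`, `split_ticket_keys`, `load_base64_keys` and `derive_keys` are hypothetical, and HKDF-SHA256 (RFC 5869) is swapped in for the single HMAC the message describes, since one HMAC-SHA256 output is only 32 bytes.

```python
import base64
import binascii
import hashlib
import hmac
from typing import NamedTuple

TICKET_KEY_LEN = 48  # total size the message says OpenSSL requires
INFO = b"tls ticket keys"  # constructed HKDF context label (assumption)


class TicketKeys(NamedTuple):
    key_name: bytes  # first 16 bytes in the layout from the message
    hmac_key: bytes  # next 16 bytes: HMAC key for the ticket
    aes_key: bytes   # last 16 bytes: AES key for the ticket


def split_ticket_keys(raw: bytes) -> TicketKeys:
    """Split a blob into the three 16-byte fields; reject any other length."""
    if len(raw) != TICKET_KEY_LEN:
        raise ValueError(f"need exactly {TICKET_KEY_LEN} bytes, got {len(raw)}")
    return TicketKeys(raw[:16], raw[16:32], raw[32:48])


def load_base64_keys(text: str) -> TicketKeys:
    """User supplies 48 random bytes, base64 encoded."""
    try:
        raw = base64.b64decode(text.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("ticket key is not valid base64") from exc
    return split_ticket_keys(raw)


def derive_keys(secret: bytes, cert_der: bytes) -> TicketKeys:
    """Stretch a user secret to 48 bytes, bound to one vhost certificate."""
    salt = hashlib.sha1(cert_der).digest()  # SHA1(Certificate), as in the message
    prk = hmac.new(salt, secret, hashlib.sha256).digest()  # HKDF-Extract
    okm, block, counter = b"", b"", 1
    while len(okm) < TICKET_KEY_LEN:  # HKDF-Expand: T(i) = HMAC(PRK, T(i-1)|info|i)
        block = hmac.new(prk, block + INFO + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return split_ticket_keys(okm[:TICKET_KEY_LEN])
```

Keys derived from a typed secret are only as unpredictable as that secret, which is the trade-off between the two options.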
