From 020b27bab263e563ecbbb5e70a34039370a06584 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 1 Mar 2019 11:00:26 -0800
Subject: [PATCH] wolfSSL_SecureResume() should be client only. Return an error if called form the server.
---
 src/ssl.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index 4db81dcaf..cce861a31 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2417,6 +2417,8 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl)
 }
+#ifndef NO_WOLFSSL_CLIENT
+
 /* do a secure resumption handshake, user forced, we discourage */
 int wolfSSL_SecureResume(WOLFSSL* ssl)
 {
@@ -2425,6 +2427,14 @@ int wolfSSL_SecureResume(WOLFSSL* ssl)
 WOLFSSL_ENTER("wolfSSL_SecureResume()");
+ if (ssl == NULL)
+ return BAD_FUNC_ARG;
+
+ if (ssl->options.side == WOLFSSL_SERVER_END) {
+ ssl->error = SIDE_ERROR;
+ return SSL_FATAL_ERROR;
+ }
+
 session = wolfSSL_get_session(ssl);
 ret = wolfSSL_set_session(ssl, session);
 session = NULL;
@@ -2434,6 +2444,8 @@ int wolfSSL_SecureResume(WOLFSSL* ssl)
 return ret;
 }
+#endif /* NO_WOLFSSL_CLIENT */
+
 #endif /* HAVE_SECURE_RENEGOTIATION */
 /* Session Ticket */
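Review bot: The new `#ifndef NO_WOLFSSL_CLIENT` guard in the first hunk compiles the definition out of client-less builds, but the diffstat lists only src/ssl.c, so the public declaration is presumably still visible in those builds. A caller would then fail at link time rather than at compile time. Wrapping the prototype in the same `#ifndef NO_WOLFSSL_CLIENT` would keep declaration and definition in step. A short comment at the guard, for example `/* secure resumption is only ever initiated by the client */`, would record why the function is conditional.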
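Review bot: The side check added in the second hunk rejects only `WOLFSSL_SERVER_END`, so any other non-client value of `ssl->options.side` (an unset side, for instance) would still reach `wolfSSL_set_session()`. Since the commit title says the call is client only, comparing against the allowed value fails closed: `if (ssl->options.side != WOLFSSL_CLIENT_END) {`. Both new early returns are also silent in debug output after the `WOLFSSL_ENTER` line. A `WOLFSSL_MSG("wolfSSL_SecureResume() is client only");` before setting `SIDE_ERROR` would make the rejection easier to trace. The function body starts and ends outside this hunk, so whether other side values can occur here is not confirmed by the visible lines.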