allow bogus sessionID when ticket callback rejects ticket

toddouska
2016-07-13 12:47:59 -06:00
parent 7b76c3ab36
commit 5f21f93c61
3 changed files with 3 additions and 1 deletions


@ -17668,7 +17668,7 @@ int DoSessionTicket(WOLFSSL* ssl,
#ifdef HAVE_SESSION_TICKET
if (ssl->options.useTicket == 1) {
session = &ssl->session;
} else if (bogusID) {
} else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
WOLFSSL_MSG("Bogus session ID without session ticket");
return BUFFER_ERROR;
}
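Review bot: The rewritten test `bogusID == 1 && ssl->options.rejectTicket == 0` no longer treats every non-zero `bogusID` as bogus, so if `bogusID` can ever hold a value other than 0 or 1 (its declaration is outside the hunk) the `BUFFER_ERROR` guard is silently skipped; `} else if (bogusID && !ssl->options.rejectTicket) {` keeps the old truthiness. The relaxed branch also deserves a comment such as `/* ticket rejected by callback: ignore the bogus ID and continue without resumption */`, since a hello carrying an unrecognised session ID is now allowed to continue. What the fall-through does with that ID is not visible here, so it is worth confirming that it ends in a full handshake and never in a session-cache lookup keyed on peer-supplied ID bytes. The enclosing function starts and ends outside the hunk.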


@ -3181,6 +3181,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
}
} else if (ret == WOLFSSL_TICKET_RET_REJECT) {
WOLFSSL_MSG("Process client ticket rejected, not using");
ssl->options.rejectTicket = 1;
ret = 0; /* not fatal */
} else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
WOLFSSL_MSG("Process client ticket fatal error, not using");
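Review bot: `ssl->options.rejectTicket = 1` is set on the REJECT branch but nothing in this commit clears it, so the flag appears to stay set for the life of the `WOLFSSL` object. If the object is reused, or a later hello on the same connection arrives without a ticket, a stale flag would still suppress the bogus-session-ID check that this commit relaxes in the first file. Consider resetting it each time ticket processing starts, e.g. `ssl->options.rejectTicket = 0;` before the callback result is examined, or wherever `useTicket` is reset if that happens outside this view. The enclosing if/else chain begins and ends outside the hunk.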


@ -2417,6 +2417,7 @@ typedef struct Options {
#ifdef HAVE_SESSION_TICKET
word16 createTicket:1; /* Server to create new Ticket */
word16 useTicket:1; /* Use Ticket not session cache */
word16 rejectTicket:1; /* Callback rejected ticket */
#endif
#ifdef WOLFSSL_DTLS
word16 dtlsHsRetain:1; /* DTLS retaining HS data */