diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 01b3f59cf..822124f85 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -1324,6 +1324,8 @@ CYASSL_API int CyaSSL_Rehandshake(CYASSL* ssl);
 CYASSL_API int CyaSSL_UseSessionTicket(CYASSL* ssl);
 CYASSL_API int CyaSSL_CTX_UseSessionTicket(CYASSL_CTX* ctx);
+CYASSL_API int CyaSSL_get_SessionTicket(CYASSL*, unsigned char*, unsigned int*);
+CYASSL_API int CyaSSL_set_SessionTicket(CYASSL*, unsigned char*, unsigned int);
 #endif
 #endif
diff --git a/src/internal.c b/src/internal.c
index bcbc04bc6..fdb255fb1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8976,7 +8976,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
 ret = (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID, ssl->session.sessionID, ID_LEN) == 0);
 #else
- ret = (ssl->session.ticketLen > 0) ||
+ ret = (!ssl->expect_session_ticket && ssl->session.ticketLen > 0) ||
 (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID, ssl->session.sessionID, ID_LEN) == 0);
 #endif
diff --git a/src/ssl.c b/src/ssl.c
index 564877b55..276bb910c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -813,6 +813,32 @@ int CyaSSL_CTX_UseSessionTicket(CYASSL_CTX* ctx)
 return TLSX_UseSessionTicket(&ctx->extensions, NULL);
 }
+
+CYASSL_API int CyaSSL_get_SessionTicket(CYASSL* ssl, byte* buf, word32* bufSz)
+{
+ if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
+ return BAD_FUNC_ARG;
+
+ if (ssl->session.ticketLen <= *bufSz) {
+ XMEMCPY(buf, ssl->session.ticket, ssl->session.ticketLen);
+ *bufSz = ssl->session.ticketLen;
+ }
+ else
+ *bufSz = 0;
+
+ return SSL_SUCCESS;
+}
+
+CYASSL_API int CyaSSL_set_SessionTicket(CYASSL* ssl, byte* buf, word32 bufSz)
+{
+ if (ssl == NULL || buf == NULL || bufSz == 0)
+ return BAD_FUNC_ARG;
+
+ XMEMCPY(ssl->session.ticket, buf, bufSz);
+ ssl->session.ticketLen = bufSz;
+
+ return SSL_SUCCESS;
+}
 #endif
 #ifndef CYASSL_LEANPSK
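Review bot: The two new prototypes in cyassl/ssl.h have no parameter names and no comment, so the header does not tell a caller that the `unsigned int*` of `CyaSSL_get_SessionTicket` is in/out: buffer capacity on entry, ticket length on return, and 0 when the buffer is too small. I would name the parameters and add a short comment stating that contract, including the maximum ticket size the setter accepts. The setter's input should also be declared `const unsigned char*`, since the implementation in src/ssl.c only reads from it.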
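Review bot: The new `!ssl->expect_session_ticket` term in src/internal.c changes when a stored ticket counts as evidence of resumption, and nothing in the hunk explains why. Where that flag is set is not visible here; if it is raised whenever the server announces a new ticket, then a server that accepts the old ticket and issues a fresh one in the same abbreviated handshake (which RFC 5077 allows) is now recognised only through the session-ID comparison. It is worth confirming that the client always sends a non-empty session ID alongside a ticket, otherwise the two sides can disagree on whether the handshake is abbreviated. I would add a comment above the expression such as `/* a held ticket alone does not imply resumption once the server has announced a new one */`. The enclosing function starts and ends outside the hunk.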
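Review bot: `CyaSSL_set_SessionTicket` copies `bufSz` bytes into `ssl->session.ticket` without comparing `bufSz` to the destination's capacity, so an oversized caller-supplied ticket writes past the session's ticket storage. The declaration of `ticket` is outside this diff; assuming it is a fixed-size array member, add `if (bufSz > sizeof(ssl->session.ticket)) return BAD_FUNC_ARG;` before the `XMEMCPY`. Separately, `CyaSSL_get_SessionTicket` returns `SSL_SUCCESS` with `*bufSz = 0` when the caller's buffer is too small, which a caller cannot tell apart from "no ticket stored". Returning an error in that branch, or reporting the required length, would let callers detect the truncation instead of silently losing the ticket.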