1. Added accessors for session tickets.

2. Fixed client case when server doesn't want to resume session with ticket.

cyassl/ssl.h

@@ -1324,6 +1324,8 @@ CYASSL_API int CyaSSL_Rehandshake(CYASSL* ssl);
 
 CYASSL_API int CyaSSL_UseSessionTicket(CYASSL* ssl);
 CYASSL_API int CyaSSL_CTX_UseSessionTicket(CYASSL_CTX* ctx);
+CYASSL_API int CyaSSL_get_SessionTicket(CYASSL*, unsigned char*, unsigned int*);
+CYASSL_API int CyaSSL_set_SessionTicket(CYASSL*, unsigned char*, unsigned int);
 
 #endif
 #endif

src/internal.c

@@ -8976,7 +8976,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
             ret = (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
                                           ssl->session.sessionID, ID_LEN) == 0);
         #else
-            ret = (ssl->session.ticketLen > 0) ||
+            ret = (!ssl->expect_session_ticket && ssl->session.ticketLen > 0) ||
                   (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
                                           ssl->session.sessionID, ID_LEN) == 0);
         #endif

src/ssl.c

@@ -813,6 +813,32 @@ int CyaSSL_CTX_UseSessionTicket(CYASSL_CTX* ctx)
 
     return TLSX_UseSessionTicket(&ctx->extensions, NULL);
 }
+
+CYASSL_API int CyaSSL_get_SessionTicket(CYASSL* ssl, byte* buf, word32* bufSz)
+{
+    if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
+        return BAD_FUNC_ARG;
+
+    if (ssl->session.ticketLen <= *bufSz) {
+        XMEMCPY(buf, ssl->session.ticket, ssl->session.ticketLen);
+        *bufSz = ssl->session.ticketLen;
+    }
+    else
+        *bufSz = 0;
+
+    return SSL_SUCCESS;
+}
+
+CYASSL_API int CyaSSL_set_SessionTicket(CYASSL* ssl, byte* buf, word32 bufSz)
+{
+    if (ssl == NULL || buf == NULL || bufSz == 0)
+        return BAD_FUNC_ARG;
+
+    XMEMCPY(ssl->session.ticket, buf, bufSz);
+    ssl->session.ticketLen = bufSz;
+
+    return SSL_SUCCESS;
+}
 #endif
 
 #ifndef CYASSL_LEANPSK