From 07e69829d755046387071cc090ad4d4ed36ab318 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Fri, 16 Oct 2020 14:16:13 +1000
Subject: [PATCH] TLS 1.3 PSK: fix for session ticket timeout

Return straightaway if the ticket is out of date.
Need to fallback to full handshake.
---
 src/tls13.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tls13.c b/src/tls13.c
index 779fb097f..c76e894c7 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3369,7 +3369,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
                                      diff - MAX_TICKET_AGE_SECS * 1000 > 1000) {
                 /* Invalid difference, fallback to full handshake. */
                 ssl->options.resuming = 0;
-                break;
+                /* Hash the rest of the ClientHello. */
+                return HashRaw(ssl, input + helloSz - bindersLen, bindersLen);
             }
 
             /* Check whether resumption is possible based on suites in SSL and