add set num tickets compat function

2025-07-29 18:27:29 +02:00 · 2021-08-02 23:47:53 +07:00
parent a802c270e1
commit 2479346f5c
6 changed files with 52 additions and 10 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -6264,7 +6264,8 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)

 #ifdef WOLFSSL_TLS13
    #ifdef HAVE_SESSION_TICKET
-        ssl->options.noTicketTls13 = ctx->noTicketTls13;
+        ssl->options.maxTicketTls13 = ctx->maxTicketTls13;
+        ssl->options.noTicketTls13  = ctx->noTicketTls13;
    #endif
    ssl->options.noPskDheKe = ctx->noPskDheKe;
    #if defined(WOLFSSL_POST_HANDSHAKE_AUTH)
--- a/src/ssl.c
+++ b/src/ssl.c
@ -3029,6 +3029,29 @@ void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx)

    return ctx->ticketEncCtx;
 }
+
+/* set the maximum number of tickets to send
+ * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on fail
+ */
+int wolfSSL_CTX_set_num_tickets(WOLFSSL_CTX* ctx, size_t max)
+{
+    if (ctx == NULL)
+        return WOLFSSL_FAILURE;
+
+    ctx->maxTicketTls13 = max;
+    return WOLFSSL_SUCCESS;
+}
+
+/* get the maximum number of tickets to send
+ * return number of tickets set to be sent
+ */
+size_t wolfSSL_CTX_get_num_tickets(WOLFSSL_CTX* ctx)
+{
+    if (ctx == NULL)
+        return 0;
+
+    return ctx->maxTicketTls13;
+}
 #endif /* !NO_WOLFSSL_SERVER */

 #if !defined(NO_WOLFSSL_CLIENT)
--- a/src/tls13.c
+++ b/src/tls13.c
@ -9168,6 +9168,9 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash)
 */
 int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 {
+#ifdef HAVE_SESSION_TICKET
+    byte ticketsSent; /* count for number of tickets sent */
+#endif
 #if !defined(NO_CERTS) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
    word16 havePSK = 0;
 #endif
@ -9448,15 +9451,24 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)

        case TLS13_ACCEPT_FINISHED_DONE :
 #ifdef HAVE_SESSION_TICKET
-    #ifdef WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
-            if (!ssl->options.verifyPeer) {
-            }
-            else
-    #endif
-            if (!ssl->options.noTicketTls13 && ssl->ctx->ticketEncCb != NULL) {
-                if ((ssl->error = SendTls13NewSessionTicket(ssl)) != 0) {
-                    WOLFSSL_ERROR(ssl->error);
-                    return WOLFSSL_FATAL_ERROR;
+            for (ticketsSent = 0; ticketsSent < ssl->options.maxTicketTls13;
+                    ticketsSent++) {
+        #ifdef WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
+                if (!ssl->options.verifyPeer) {
+                }
+                else
+        #endif
+                if (!ssl->options.noTicketTls13 && ssl->ctx->ticketEncCb
+                        != NULL) {
+                    if ((ssl->error = SendTls13NewSessionTicket(ssl)) != 0) {
+                        WOLFSSL_ERROR(ssl->error);
+                        return WOLFSSL_FATAL_ERROR;
+                    }
+                }
+
+                /* only one session ticket is sent on session resumption */
+                if (ssl->options.resuming) {
+                    break;
                }
            }
 #endif /* HAVE_SESSION_TICKET */
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -2841,6 +2841,7 @@ struct WOLFSSL_CTX {
    byte        noTicketTls12:1;  /* TLS 1.2 server won't send ticket */
 #endif
 #ifdef WOLFSSL_TLS13
+    byte        maxTicketTls13;   /* maximum number of tickets to send */
    byte        noTicketTls13:1;  /* TLS 1.3 Server won't create new Ticket */
    byte        noPskDheKe:1;     /* Don't use (EC)DHE with PSK */
 #endif
@ -3626,6 +3627,7 @@ typedef struct Options {
    word16            rejectTicket:1;     /* Callback rejected ticket */
    word16            noTicketTls12:1;    /* TLS 1.2 server won't send ticket */
 #ifdef WOLFSSL_TLS13
+    byte              maxTicketTls13;     /* maximum number of tickets to send */
    word16            noTicketTls13:1;    /* Server won't create new Ticket */
 #endif
 #endif
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@ -1131,6 +1131,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_tlsext_ticket_keys  wolfSSL_CTX_set_tlsext_ticket_keys
 #define SSL_CTX_get_tlsext_status_cb    wolfSSL_CTX_get_tlsext_status_cb
 #define SSL_CTX_set_tlsext_status_cb    wolfSSL_CTX_set_tlsext_status_cb
+#define SSL_CTX_set_num_tickets         wolfSSL_CTX_set_num_tickets
+#define SSL_CTX_get_num_tickets         wolfSSL_CTX_get_num_tickets

 #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS         11
 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS         12
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -3531,6 +3531,8 @@ WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
 WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
 WOLFSSL_API void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx);
+WOLFSSL_API size_t wolfSSL_CTX_get_num_tickets(WOLFSSL_CTX* ctx);
+WOLFSSL_API int wolfSSL_CTX_set_num_tickets(WOLFSSL_CTX* ctx, size_t max);

 #endif /* NO_WOLFSSL_SERVER */