allow bogus sessionID when ticket callback rejects ticket

2025-07-31 11:17:29 +02:00 · 2016-07-13 12:47:59 -06:00
parent 7b76c3ab36
commit 5f21f93c61
3 changed files with 3 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -17668,7 +17668,7 @@ int DoSessionTicket(WOLFSSL* ssl,
            #ifdef HAVE_SESSION_TICKET
                if (ssl->options.useTicket == 1) {
                    session = &ssl->session;
-                } else if (bogusID) {
+                } else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
                    WOLFSSL_MSG("Bogus session ID without session ticket");
                    return BUFFER_ERROR;
                }
--- a/src/tls.c
+++ b/src/tls.c
@ -3181,6 +3181,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
                }
            } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
                WOLFSSL_MSG("Process client ticket rejected, not using");
+                ssl->options.rejectTicket = 1;
                ret = 0;  /* not fatal */
            } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
                WOLFSSL_MSG("Process client ticket fatal error, not using");
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -2417,6 +2417,7 @@ typedef struct Options {
 #ifdef HAVE_SESSION_TICKET
    word16            createTicket:1;     /* Server to create new Ticket */
    word16            useTicket:1;        /* Use Ticket not session cache */
+    word16            rejectTicket:1;     /* Callback rejected ticket */
 #endif
 #ifdef WOLFSSL_DTLS
    word16            dtlsHsRetain:1;     /* DTLS retaining HS data */