From afdd5648aa13518e847fe3ba2a8654802696489e Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Thu, 30 Jun 2022 16:28:56 +0200
Subject: [PATCH] Address code review
---
 src/ssl.c | 2 +-
 src/tls.c | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 9782866fc..53339b752 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -12793,7 +12793,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif /* NO_WOLFSSL_SERVER */
-#ifdef WOLFSSL_DTLS
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
 int wolfSSL_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx)
 {
 WOLFSSL_ENTER("wolfSSL_SetChGoodCb");
diff --git a/src/tls.c b/src/tls.c
index af3f197db..c37e1d1a3 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -6169,9 +6169,10 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 extension = TLSX_Find(ssl->extensions, TLSX_COOKIE);
 if (extension == NULL) {
 #ifdef WOLFSSL_DTLS13
- if (ssl->options.dtls)
- /* TODO: Should we allow a ClientHello with a valid cookie even if
- * the cookie wasn't sent by this WOLFSSL object? */
+ if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version))
+ /* Allow a cookie extension with DTLS 1.3 because it is possible
+ * that a different SSL instance sent the cookie but we are now
+ * receiving it. */
 return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0);
 else
 #endif
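Review bot: The narrowed guard on `wolfSSL_SetChGoodCb` in src/ssl.c only covers the definition; the prototype and the matching `#endif` are outside this hunk, so it cannot be confirmed that they follow the same condition. If the declaration is still exposed under `WOLFSSL_DTLS` alone, a `NO_WOLFSSL_SERVER` build would presumably fail at link time rather than at compile time. Worth checking that the header uses the same `#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)`, and that the closing line reads `#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */` so the pairing stays readable.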
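Review bot: The new DTLS 1.3 branch in `TLSX_Cookie_Parse` stores a peer-supplied cookie that this object never issued, and nothing in the hunk says where that cookie is authenticated. As far as the hunk shows, `TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0)` is a plain copy, so the comment should also name where integrity is checked before the cookie is trusted, for example `/* Stored unverified here; validated in <validation routine> before the handshake proceeds. */`. Separately, the unbraced `if`/`else` straddles `#endif` with a four-line comment between the condition and its `return`, which is easy to break in a later edit; bracing the `if` arm would make the pairing explicit. The function starts and ends outside the hunk, so whether this path is limited to server-side ClientHello processing, and whether `ssl->version` is already final when extensions are parsed, cannot be confirmed from here.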