mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 00:00:49 +02:00
2352d73f7f
The client's resumed-session EMS (F-5807) and cipher-suite (F-5811) checks were enforced in CompleteServerHello at ServerHello-parse time. For stateless ticket resumption the client sends an empty session ID and cannot yet tell whether the server accepted the ticket (RFC 5077 3.4): a server that declines the ticket falls back to a full handshake under a freshly negotiated suite/EMS state, which these checks wrongly aborted with MATCH_SUITE_ERROR, breaking the RFC 5077 ticket-decline fallback to a full handshake. Move both checks into CheckResumptionConsistency and run it only once resumption is confirmed - from whichever the server sends first in the abbreviated flight: a renewed NewSessionTicket (before SetupSession refreshes the cached suite/EMS to the current values) or its ChangeCipherSpec. By then the "Not resuming as thought" path has cleared 'resuming' for any ticket decline, so the full-handshake fallback proceeds. Add test_tls12_resume_ticket_decline_fallback (ticket declined by a fresh server CTX, full handshake under a different suite must succeed) and gate test_tls12_resume_ticket_wrong_suite on WOLFSSL_NO_DEF_TICKET_ENC_CB so it skips rather than fails in builds without the default ticket encryption callback.
Before creating any new configure files (.conf) read the CONF_FILES_README.md