mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 20:10:49 +02:00
748678715a
Address review on PR #10582: - The client-side extended_master_secret consistency check skipped all session-ticket resumptions, leaving a generic ticket resumption open to an undetected EMS downgrade by a malicious server or MITM. The client retains the EMS state for ticket sessions too (SetupSession), so the check now applies to ticket resumption as well, mirroring the adjacent cipher-suite check. Only EAP-FAST style resumption - where the session-secret callback supplies the master secret for an opaque PAC ticket - is exempt, matched precisely via ssl->sessionSecretCb just as the callback invocation in DoServerHello does. - Add test_tls_ems_resumption_server_downgrade, exercising the client-direction downgrade (server resumes but omits EMS from its ServerHello) for both session-ID and session-ticket resumption. This client-side branch previously had no test coverage.