mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 19:50:49 +02:00
ff60134ff0
DoClientTicketCheck's ticket-age bounds (-1000 ms low bound and MAX_TICKET_AGE_DIFF*1000+1000 ms high bound) were never exercised by any integration test, so mutations of the constants went undetected. Establish a TLS 1.3 session, read the NewSessionTicket, then shift the client's cached ageAdd by well over 1 second so the server's unobfuscated diff falls outside the valid window on resumption. The server must reject the PSK — session_reused stays 0.
Before creating any new configure files (.conf) read the CONF_FILES_README.md