Add ssl_set_session_tickets()
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 40b9f23..402c85a 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -328,6 +328,12 @@
unsigned char *p = buf;
size_t tlen = ssl->session_negotiate->ticket_len;
+ if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED )
+ {
+ *olen = 0;
+ return;
+ }
+
SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
*p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
@@ -648,8 +654,11 @@
const unsigned char *buf,
size_t len )
{
- if( len != 0 )
+ if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED ||
+ len != 0 )
+ {
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
((void) buf);
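Review bot: The combined condition at the top of the client-side parser folds two different protocol violations into one branch with no comment: a server sending the session-ticket extension when this client did not offer it, and a non-empty extension body. A one-line comment would make it clear that the first case is intentional, e.g. `/* Reject the extension if we did not offer it, or if it is not empty */`. The function's name and the rest of its body lie outside the hunk, so this assumes nothing later depends on the extension having been seen.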
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ad9142c..5b7db17 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -534,6 +534,9 @@
const unsigned char *buf,
size_t len )
{
+ if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED )
+ return( 0 );
+
/* Remember the client asked us to send a new ticket */
ssl->handshake->new_session_ticket = 1;
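Review bot: The early `return( 0 )` in the server-side parser drops the client's ticket extension without a comment saying this is deliberate. Returning before any ticket handling is the right order, since it keeps a disabled server from touching attacker-supplied ticket bytes. That reasoning should be written down, e.g. `/* Tickets disabled: ignore the extension and never look at the ticket */`. The rest of the function is outside the hunk.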
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index db87fe0..f7b9bd9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2978,6 +2978,9 @@
void ssl_set_endpoint( ssl_context *ssl, int endpoint )
{
ssl->endpoint = endpoint;
+
+ if( endpoint == SSL_IS_CLIENT )
+ ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
}
void ssl_set_authmode( ssl_context *ssl, int authmode )
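Review bot: ssl_set_endpoint() now overwrites session_tickets, so a client that calls `ssl_set_session_tickets( ssl, SSL_SESSION_TICKETS_DISABLED )` before `ssl_set_endpoint( ssl, SSL_IS_CLIENT )` gets tickets switched back on without notice. The assignment also runs only for SSL_IS_CLIENT, so a context changed from client to server keeps tickets enabled. A context that starts as a server relies on the initial value of session_tickets, which this diff does not show. The required call order should be documented on both setters, or the default set once at initialisation so that ssl_set_endpoint() does not touch a value the caller may already have chosen.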
@@ -3225,6 +3228,13 @@
ssl->allow_legacy_renegotiation = allow_legacy;
}
+int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
+{
+ ssl->session_tickets = use_tickets;
+
+ return( 0 );
+}
+
/*
* SSL get accessors
*/
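Review bot: ssl_set_session_tickets() stores use_tickets unchecked, and every test added in this commit compares only against SSL_SESSION_TICKETS_DISABLED, so any other integer behaves as "enabled". Since the function already returns int, it can reject unknown values: `if( use_tickets != SSL_SESSION_TICKETS_ENABLED && use_tickets != SSL_SESSION_TICKETS_DISABLED ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );`. The new function also has no comment stating what the return value means. Nor does it say that, per the ssl_set_endpoint hunk, a later `ssl_set_endpoint( ssl, SSL_IS_CLIENT )` resets the caller's choice.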