commit 233fcaadbfc1357a7f647c446c9f5cae35a4b796
author Ronald Cron <ronald.cron@arm.com> Thu Apr 04 14:05:21 2024 +0200
committer Ronald Cron <ronald.cron@arm.com> Thu Apr 04 15:52:40 2024 +0200
tree 0c08edd7309327233bc03f9adee5086a2986cfd8
parent fe15d90f72dbf2cbcca31407d24aadaa5ac3fd53

tls13: Do not initiate at all resumption if tickets not supported

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ff8a384..f39aba4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1759,6 +1759,7 @@
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
         const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
             mbedtls_ssl_ciphersuite_from_id(session->ciphersuite);
 
@@ -1769,6 +1770,14 @@
                                       session->ciphersuite));
             return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         }
+#else
+        /*
+         * If session tickets are not enabled, it is not possible to resume a
+         * TLS 1.3 session, thus do not make any change to the SSL context in
+         * the first place.
+         */
+        return 0;
+#endif
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */