commit bedddd707a0a36b4052e48be2abffdb6c3c44c45
author Ronald Cron <ronald.cron@arm.com> Tue Aug 27 14:18:50 2024 +0200
committer Ronald Cron <ronald.cron@arm.com> Tue Aug 27 15:41:18 2024 +0200
tree ccb5ccfae42d21d2bf8bf8acbbaaf3da95c41969
parent 7defa41fb39f9ac8c89a0a08e5078350f10be478

Add mbedtls_ssl_conf_enable_new_session_tickets() API

Add mbedtls_ssl_conf_enable_new_session_tickets() API
to be able to enable and disable the handling of TLS 1.3
NewSessionTicket messages.

The TLS 1.2 equivalent function is named
mbedtls_ssl_conf_session_tickets() thus the most
natural name would have been
mbedtls_ssl_conf_new_session_tickets() but it is
already used on server side thus rather
mbedtls_ssl_conf_enable_new_session_tickets().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d6077a2..21d70af 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3013,7 +3013,14 @@
 {
     conf->session_tickets = use_tickets;
 }
-#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+void mbedtls_ssl_conf_enable_new_session_tickets(mbedtls_ssl_config *conf,
+                                                 int new_session_tickets_enabled)
+{
+    conf->new_session_tickets_enabled = new_session_tickets_enabled;
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_SRV_C)
 
@@ -5879,6 +5886,9 @@
         conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
         conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+        conf->new_session_tickets_enabled = MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_DISABLED;
+#endif
 #endif
     }
 #endif