Revert new field and check ciphersuite match when resume by exist info_id
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 2d805ad..8bc8fd0 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1180,9 +1180,6 @@
mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- int MBEDTLS_PRIVATE(res_ciphersuite); /*!< resumption ciphersuite */
-#endif
size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 4384706..c91980a 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1106,8 +1106,7 @@
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if (ssl->handshake->resume &&
- ssl->session_negotiate->res_ciphersuite !=
+ if (ssl->handshake->ciphersuite_info->id !=
ssl->session_negotiate->ciphersuite) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("Invalid ciphersuite for session ticket psk."));
@@ -1705,8 +1704,7 @@
handshake->ciphersuite_info = ciphersuite_info;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- ssl->session_negotiate->res_ciphersuite =
- ssl->session_negotiate->ciphersuite;
+ if (handshake->resume == 0)
#endif
ssl->session_negotiate->ciphersuite = cipher_suite;