fix various issues
- get ticket_flags through the accessor function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 9f4926a..7a02c71 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1850,7 +1850,8 @@
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
MBEDTLS_SSL_DEBUG_MSG(
1,
- ("EarlyData: rejected, denied by ticket permission bits."));
+ ("EarlyData: rejected, early_data not allowed in ticket "
+ "permission bits."));
return;
}
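Review bot: Nothing visible on this page asserts the reworded rejection message in a test, although the description says the output is checked; the only `tls13-misc.sh` hunk shown removes trailing blank lines. Because this log line marks the path where 0-RTT is refused for a ticket without the permission bit, the matching test case should pin it, e.g. `-s "EarlyData: rejected, early_data not allowed in ticket permission bits."`. Any existing check on the old text, if there is one outside this page, would now stop matching. The start of the condition lies above the hunk, so I cannot tell whether this site also uses the accessor that the second hunk in this file switches to.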
@@ -3222,10 +3223,11 @@
unsigned char *p = buf;
*out_len = 0;
- if ((ssl->session->ticket_flags &
- MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
+ if (mbedtls_ssl_session_get_ticket_flags(
+ ssl->session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
MBEDTLS_SSL_DEBUG_MSG(
- 4, ("Skip early_data extension in NST for it is not allowed."));
+ 4, ("early_data not allowed, skip early_data extension in "
+ "NewSessionTicket"));
return 0;
}
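Review bot: The early return that omits the early_data extension has no comment explaining the decision, and this is where the server decides whether a ticket advertises 0-RTT to the client. I would add above the `if`: `/* Only advertise max_early_data_size for tickets that permit 0-RTT. */`. The function starts and ends outside the hunk, so it is worth confirming that `ssl->session` is the session the ticket is actually built from.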
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4ef2494..28cd33b 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -435,7 +435,9 @@
" The max amount of 0-RTT data for 1st and 2nd connection\n" \
" format: 1st_connection_value[,2nd_connection_value]\n" \
" available values: < 0 (disabled), >= 0 (enabled).\n" \
- " The absolute value is the max amount of 0-RTT data.\n"
+ " The absolute value is the max amount of 0-RTT data \n" \
+ " up to UINT32_MAX. \n"
+
#else
#define USAGE_EARLY_DATA ""
#endif /* MBEDTLS_SSL_EARLY_DATA */
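Review bot: The help text now promises an upper bound of UINT32_MAX, but the option parsing is outside this hunk, so it is not visible that a larger value is rejected rather than silently truncated when stored. If the parser has no such range check, it should fail with a usage error for out-of-range input so the documented limit and the enforced limit agree. Separately, both added string lines carry a stray space before `\n` (`data \n`, `UINT32_MAX. \n`), which prints trailing whitespace; drop the space in each.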
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 5b624b5..74b6aa2 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -523,5 +523,3 @@
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "$( tail -1 $EARLY_DATA_INPUT )"
-
-