Add ssl_set_session_tickets()

library/ssl_cli.c

@@ -328,6 +328,12 @@ static void ssl_write_session_ticket_ext( ssl_context *ssl,
     unsigned char *p = buf;
     size_t tlen = ssl->session_negotiate->ticket_len;
 
+    if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED )
+    {
+        *olen = 0;
+        return;
+    }
+
     SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
 
     *p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
@@ -648,8 +654,11 @@ static int ssl_parse_session_ticket_ext( ssl_context *ssl,
                                          const unsigned char *buf,
                                          size_t len )
 {
-    if( len != 0 )
+    if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED ||
+        len != 0 )
+    {
         return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
 
     ((void) buf);
 

library/ssl_srv.c

@@ -534,6 +534,9 @@ static int ssl_parse_session_ticket_ext( ssl_context *ssl,
                                          const unsigned char *buf,
                                          size_t len )
 {
+    if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED )
+        return( 0 );
+
     /* Remember the client asked us to send a new ticket */
     ssl->handshake->new_session_ticket = 1;
 

library/ssl_tls.c

@@ -2978,6 +2978,9 @@ int ssl_session_reset( ssl_context *ssl )
 void ssl_set_endpoint( ssl_context *ssl, int endpoint )
 {
     ssl->endpoint   = endpoint;
+
+    if( endpoint == SSL_IS_CLIENT )
+        ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
 }
 
 void ssl_set_authmode( ssl_context *ssl, int authmode )
@@ -3225,6 +3228,13 @@ void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy )
     ssl->allow_legacy_renegotiation = allow_legacy;
 }
 
+int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
+{
+    ssl->session_tickets = use_tickets;
+
+    return( 0 );
+}
+
 /*
  * SSL get accessors
  */