From 23303a47f4f02fb4ff71aa2b006a83383901aebd Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 27 Aug 2024 09:27:28 +0200
Subject: [PATCH] Enable TLS 1.3 ticket handling in resumption tests
Signed-off-by: Ronald Cron
---
 programs/ssl/ssl_client2.c | 18 +++++++++++++++---
 tests/src/test_helpers/ssl_helpers.c | 3 +++
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index cd839c1610..cf21569697 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -82,6 +82,7 @@ int main(void)
 #define DFL_CID_VALUE_RENEGO NULL
 #define DFL_RECONNECT_HARD 0
 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define DFL_NEW_SESSION_TICKETS MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_ENABLED
 #define DFL_ALPN_STRING NULL
 #define DFL_GROUPS NULL
 #define DFL_SIG_ALGS NULL
@@ -198,7 +199,8 @@ int main(void)
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 #define USAGE_TICKETS \
- " tickets=%%d default: 1 (enabled)\n"
+ " tickets=%%d default: 1 (enabled)\n" \
+ " new_session_tickets=%%d default: 1 (enabled)\n"
 #else
 #define USAGE_TICKETS ""
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
@@ -514,7 +516,8 @@ struct options {
 int reco_delay; /* delay in seconds before resuming session */
 int reco_mode; /* how to keep the session around */
 int reconnect_hard; /* unexpectedly reconnect from the same port */
- int tickets; /* enable / disable session tickets */
+ int tickets; /* enable / disable session tickets (TLS 1.2) */
+ int new_session_tickets; /* enable / disable new session tickets (TLS 1.3) */
 const char *groups; /* list of supported groups */
 const char *sig_algs; /* supported TLS 1.3 signature algorithms */
 const char *alpn_string; /* ALPN supported protocols */
@@ -969,6 +972,7 @@ int main(int argc, char *argv[])
 opt.reco_mode = DFL_RECO_MODE;
 opt.reconnect_hard = DFL_RECONNECT_HARD;
 opt.tickets = DFL_TICKETS;
+ opt.new_session_tickets = DFL_NEW_SESSION_TICKETS;
 opt.alpn_string = DFL_ALPN_STRING;
 opt.groups = DFL_GROUPS;
 opt.sig_algs = DFL_SIG_ALGS;
@@ -1226,6 +1230,11 @@ usage:
 if (opt.tickets < 0) {
 goto usage;
 }
+ } else if (strcmp(p, "new_session_tickets") == 0) {
+ opt.tickets = atoi(q);
+ if (opt.new_session_tickets < 0) {
+ goto usage;
+ }
 } else if (strcmp(p, "alpn") == 0) {
 opt.alpn_string = q;
 } else if (strcmp(p, "extended_ms") == 0) {
@@ -1936,7 +1945,10 @@ usage:
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 mbedtls_ssl_conf_session_tickets(&conf, opt.tickets);
-#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_conf_enable_new_session_tickets(&conf, opt.new_session_tickets);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
 if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
 mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index f546e76021..7d5d889ce3 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -2543,6 +2543,9 @@ int mbedtls_test_get_tls13_ticket(
 server_options, NULL, NULL, NULL);
 TEST_EQUAL(ret, 0);
+ mbedtls_ssl_conf_enable_new_session_tickets(
+ &client_ep.conf, MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_ENABLED);
+
 mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
 mbedtls_test_ticket_write,
 mbedtls_test_ticket_parse,
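Review bot: The `new_session_tickets` branch added to the option parser in programs/ssl/ssl_client2.c (hunk at -1226) stores the parsed value in the wrong field: `opt.tickets = atoi(q);` should be `opt.new_session_tickets = atoi(q);`. As written, `new_session_tickets=0` leaves TLS 1.3 NewSessionTicket handling at its enabled default and overwrites the TLS 1.2 ticket setting instead. The `< 0` check that follows tests a field this branch never writes, so it cannot reject a bad value. A resumption test that passes this option would therefore run with a different ticket configuration than the one it names. The enclosing parsing loop starts and ends outside the hunk.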