Enable TLS 1.3 ticket handling in resumption tests

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-03-09 10:14:11 +00:00 · 2024-08-27 09:27:28 +02:00 · 2024-08-27 09:27:28 +02:00 · 23303a47f4
commit 23303a47f4
parent b675b2ba5d
2 changed files with 18 additions and 3 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -82,6 +82,7 @@ int main(void)
 #define DFL_CID_VALUE_RENEGO    NULL
 #define DFL_RECONNECT_HARD      0
 #define DFL_TICKETS             MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define DFL_NEW_SESSION_TICKETS MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_ENABLED
 #define DFL_ALPN_STRING         NULL
 #define DFL_GROUPS              NULL
 #define DFL_SIG_ALGS            NULL
@ -198,7 +199,8 @@ int main(void)

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 #define USAGE_TICKETS                                       \
-    "    tickets=%%d          default: 1 (enabled)\n"
+    "    tickets=%%d              default: 1 (enabled)\n"    \
+    "    new_session_tickets=%%d  default: 1 (enabled)\n"
 #else
 #define USAGE_TICKETS ""
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
@ -514,7 +516,8 @@ struct options {
    int reco_delay;             /* delay in seconds before resuming session */
    int reco_mode;              /* how to keep the session around           */
    int reconnect_hard;         /* unexpectedly reconnect from the same port */
-    int tickets;                /* enable / disable session tickets         */
+    int tickets;                /* enable / disable session tickets (TLS 1.2) */
+    int new_session_tickets;    /* enable / disable new session tickets (TLS 1.3) */
    const char *groups;         /* list of supported groups                 */
    const char *sig_algs;       /* supported TLS 1.3 signature algorithms   */
    const char *alpn_string;    /* ALPN supported protocols                 */
@ -969,6 +972,7 @@ int main(int argc, char *argv[])
    opt.reco_mode           = DFL_RECO_MODE;
    opt.reconnect_hard      = DFL_RECONNECT_HARD;
    opt.tickets             = DFL_TICKETS;
+    opt.new_session_tickets = DFL_NEW_SESSION_TICKETS;
    opt.alpn_string         = DFL_ALPN_STRING;
    opt.groups              = DFL_GROUPS;
    opt.sig_algs            = DFL_SIG_ALGS;
@ -1226,6 +1230,11 @@ usage:
            if (opt.tickets < 0) {
                goto usage;
            }
+        } else if (strcmp(p, "new_session_tickets") == 0) {
+            opt.tickets = atoi(q);
+            if (opt.new_session_tickets < 0) {
+                goto usage;
+            }
        } else if (strcmp(p, "alpn") == 0) {
            opt.alpn_string = q;
        } else if (strcmp(p, "extended_ms") == 0) {
@ -1936,7 +1945,10 @@ usage:

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
    mbedtls_ssl_conf_session_tickets(&conf, opt.tickets);
-#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    mbedtls_ssl_conf_enable_new_session_tickets(&conf, opt.new_session_tickets);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */

    if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
        mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@ -2543,6 +2543,9 @@ int mbedtls_test_get_tls13_ticket(
                                         server_options, NULL, NULL, NULL);
    TEST_EQUAL(ret, 0);

+    mbedtls_ssl_conf_enable_new_session_tickets(
+        &client_ep.conf, MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_ENABLED);
+
    mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
                                        mbedtls_test_ticket_write,
                                        mbedtls_test_ticket_parse,