commit 5bc5263b2c501eadd9ae820a985a9c1b575a3fd4
author Waleed Elmelegy <waleed.elmelegy@arm.com> Tue Mar 12 16:25:08 2024 +0000
committer Waleed Elmelegy <waleed.elmelegy@arm.com> Wed Mar 13 16:50:01 2024 +0000
tree 5316f0f9dba9fe0a2b880f2234fa7890b5eb0e87
parent 7dfba344752ba39b5c539d80964ccb0403133146

Add code improvments and refactoring in dealing with ALPN

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b05bfe1..57d7bc6 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1305,7 +1305,8 @@
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C)
-    char *ticket_alpn;                      /*!< ALPN negotiated in the session */
+    char *ticket_alpn;                      /*!< ALPN negotiated in the session
+                                                 during which the ticket was generated. */
 #endif
 
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 948c802..a8807f6 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2855,8 +2855,8 @@
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA) && \
     defined(MBEDTLS_SSL_ALPN)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_set_alpn(mbedtls_ssl_session *session,
-                                 const char *alpn);
+int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session,
+                                        const char *alpn);
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 9c73c7a..9453c69 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -469,8 +469,7 @@
     dst->max_early_data_size = src->max_early_data_size;
 
 #if defined(MBEDTLS_SSL_ALPN)
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ret = mbedtls_ssl_session_set_alpn(dst, src->ticket_alpn);
+    int ret = mbedtls_ssl_session_set_ticket_alpn(dst, src->ticket_alpn);
     if (ret != 0) {
         return ret;
     }
@@ -3146,9 +3145,11 @@
     MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
 
 #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN)
-    ret = mbedtls_ssl_session_set_alpn(session, ssl->alpn_chosen);
-    if (ret != 0) {
-        return ret;
+    if (session->ticket_alpn == NULL) {
+        ret = mbedtls_ssl_session_set_ticket_alpn(session, ssl->alpn_chosen);
+        if (ret != 0) {
+            return ret;
+        }
     }
 #endif
 

tests/src/test_helpers/ssl_helpers.c

diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 9c1676f..963938f 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -1794,8 +1794,7 @@
 #if defined(MBEDTLS_SSL_EARLY_DATA)
     session->max_early_data_size = 0x87654321;
 #if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C)
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ret = mbedtls_ssl_session_set_alpn(session, "ALPNExample");
+    int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample");
     if (ret != 0) {
         return -1;
     }