commit bedddd707a0a36b4052e48be2abffdb6c3c44c45
author Ronald Cron <ronald.cron@arm.com> Tue Aug 27 14:18:50 2024 +0200
committer Ronald Cron <ronald.cron@arm.com> Tue Aug 27 15:41:18 2024 +0200
tree ccb5ccfae42d21d2bf8bf8acbbaaf3da95c41969
parent 7defa41fb39f9ac8c89a0a08e5078350f10be478

Add mbedtls_ssl_conf_enable_new_session_tickets() API

Add mbedtls_ssl_conf_enable_new_session_tickets() API
to be able to enable and disable the handling of TLS 1.3
NewSessionTicket messages.

The TLS 1.2 equivalent function is named
mbedtls_ssl_conf_session_tickets() thus the most
natural name would have been
mbedtls_ssl_conf_new_session_tickets() but it is
already used on server side thus rather
mbedtls_ssl_conf_enable_new_session_tickets().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 466c734..1f07fb3 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -324,6 +324,9 @@
 #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED     0
 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED      1
 
+#define MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_DISABLED  0
+#define MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_ENABLED   1
+
 #define MBEDTLS_SSL_PRESET_DEFAULT              0
 #define MBEDTLS_SSL_PRESET_SUITEB               2
 
@@ -1447,6 +1450,12 @@
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
     defined(MBEDTLS_SSL_CLI_C)
     uint8_t MBEDTLS_PRIVATE(session_tickets);   /*!< use session tickets? */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    /** Whether we handle NewSessionTicket TLS 1.3 messages (<>0) or just ignore them (==0)
+     *  They are ignored by default.
+     */
+    uint8_t MBEDTLS_PRIVATE(new_session_tickets_enabled);
+#endif
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
@@ -4478,6 +4487,20 @@
  *                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
  */
 void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets);
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/**
+ * \brief Enable / Disable TLS 1.3 handling of NewSessionTicket messages (client and TLS 1.3 only).
+ *        (Default: MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_DISABLED)
+ *
+ * \param conf  SSL configuration
+ * \param new_session_tickets_enabled  Enable or disable
+ *                                     (MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_ENABLED or
+ *                                      MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_DISABLED)
+ */
+void mbedtls_ssl_conf_enable_new_session_tickets(mbedtls_ssl_config *conf,
+                                                 int new_session_tickets_enabled);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 #endif /* MBEDTLS_SSL_SESSION_TICKETS &&
           MBEDTLS_SSL_CLI_C */