commit d67f801c63977dcd1f5876615f46d8f59ba51eff
author Ronald Cron <ronald.cron@arm.com> Wed Aug 28 07:45:57 2024 +0200
committer Ronald Cron <ronald.cron@arm.com> Wed Aug 28 10:41:54 2024 +0200
tree 8e6052638bf0ca6fd6f50b7875bdc3f6e8941db8
parent 57ad182644bbfb26248c0a639619dbed7d8da927

Do not add a new field in the SSL config

We cannot add a new field in SSL config in
an LTS. Use `session_tickets` field instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index ed3489f..2eb4f9c 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -332,8 +332,8 @@
 #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED     0
 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED      1
 
-#define MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_DISABLED  0
-#define MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_ENABLED   1
+#define MBEDTLS_SSL_NEW_SESSION_TICKETS_DISABLED  0
+#define MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED   1
 
 #define MBEDTLS_SSL_PRESET_DEFAULT              0
 #define MBEDTLS_SSL_PRESET_SUITEB               2
@@ -1458,12 +1458,6 @@
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
     defined(MBEDTLS_SSL_CLI_C)
     uint8_t MBEDTLS_PRIVATE(session_tickets);   /*!< use session tickets? */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    /** Whether we handle NewSessionTicket TLS 1.3 messages (<>0) or just ignore them (==0)
-     *  They are ignored by default.
-     */
-    uint8_t MBEDTLS_PRIVATE(new_session_tickets_enabled);
-#endif
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
@@ -4485,8 +4479,8 @@
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
     defined(MBEDTLS_SSL_CLI_C)
 /**
- * \brief          Enable / Disable session tickets (client only).
- *                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
+ * \brief          Enable / Disable TLS 1.2 session tickets (client and TLS 1.2 only).
+ *                 Disabled by default.
  *
  * \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
  *
@@ -4496,6 +4490,16 @@
  */
 void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets);
 
+/**
+ * \brief          Get if TLS 1.2 session tickets usage is enabled or not
+ *
+ * \param conf     SSL configuration
+ *
+ * \return         MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
+ *                 MBEDTLS_SSL_SESSION_TICKETS_DISABLED
+ */
+int mbedtls_ssl_conf_get_session_tickets(const mbedtls_ssl_config *conf);
+
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 /**
  * \brief Enable / Disable handling of TLS 1.3 NewSessionTicket messages (client and TLS 1.3 only).
@@ -4525,12 +4529,23 @@
  *        error code are then failing.
  *
  * \param conf  SSL configuration
- * \param new_session_tickets_enabled  Enable or disable
- *                                     (MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_ENABLED or
- *                                      MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_DISABLED)
+ * \param use_new_session_tickets Enable or disable
+ *                                (MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED or
+ *                                 MBEDTLS_SSL_NEW_SESSION_TICKETS_DISABLED)
  */
 void mbedtls_ssl_conf_enable_new_session_tickets(mbedtls_ssl_config *conf,
-                                                 int new_session_tickets_enabled);
+                                                 int use_new_session_tickets);
+
+/**
+ * \brief          Get if usage of TLS 1.3 NewSessionTicket messages is enabled or not
+ *
+ * \param conf     SSL configuration
+ *
+ * \return         MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED or
+ *                 MBEDTLS_SSL_NEW_SESSION_TICKETS_DISABLED
+ */
+int mbedtls_ssl_conf_is_new_session_tickets_enabled(const mbedtls_ssl_config *conf);
+
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 #endif /* MBEDTLS_SSL_SESSION_TICKETS &&
           MBEDTLS_SSL_CLI_C */