fix various issues

- get ticket_flags with function. - improve output message and check it. - improve `ssl_server2` help message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 17:06:36 +08:00 · 2023-11-21 17:06:36 +08:00 · ea96ac3da9
commit ea96ac3da9
parent 3db60dfe5e
3 changed files with 9 additions and 7 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -1850,7 +1850,8 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
            MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
        MBEDTLS_SSL_DEBUG_MSG(
            1,
-            ("EarlyData: rejected, denied by ticket permission bits."));
+            ("EarlyData: rejected, early_data not allowed in ticket "
+             "permission bits."));
        return;
    }

@ -3222,10 +3223,11 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl,
    unsigned char *p = buf;
    *out_len = 0;

-    if ((ssl->session->ticket_flags &
-         MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
+    if (mbedtls_ssl_session_get_ticket_flags(
+            ssl->session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
        MBEDTLS_SSL_DEBUG_MSG(
-            4, ("Skip early_data extension in NST for it is not allowed."));
+            4, ("early_data not allowed, skip early_data extension in "
+                "NewSessionTicket"));
        return 0;
    }

--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -435,7 +435,9 @@ int main(void)
    "                            The max amount of 0-RTT data for 1st and 2nd connection\n" \
    "                            format:  1st_connection_value[,2nd_connection_value]\n" \
    "                            available values:  < 0 (disabled), >= 0 (enabled).\n"             \
-    "                                               The absolute value is the max amount of 0-RTT data.\n"
+    "                                               The absolute value is the max amount of 0-RTT data \n" \
+    "                                               up to UINT32_MAX. \n"
+
 #else
 #define USAGE_EARLY_DATA ""
 #endif /* MBEDTLS_SSL_EARLY_DATA */
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@ -523,5 +523,3 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
         -s "ClientHello: early_data(42) extension exists."                 \
         -s "EncryptedExtensions: early_data(42) extension exists."         \
         -s "$( tail -1 $EARLY_DATA_INPUT )"
-
-