From ea96ac3da97a3647b6d801a20ca524156c327757 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 21 Nov 2023 17:06:36 +0800
Subject: [PATCH] fix various issues
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 10 ++++++----
 programs/ssl/ssl_server2.c | 4 +++-
 tests/opt-testcases/tls13-misc.sh | 2 --
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 9f4926a9f..7a02c7169 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1850,7 +1850,8 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
 MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
 MBEDTLS_SSL_DEBUG_MSG(
 1,
- ("EarlyData: rejected, denied by ticket permission bits."));
+ ("EarlyData: rejected, early_data not allowed in ticket "
+ "permission bits."));
 return;
 }
@@ -3222,10 +3223,11 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl,
 unsigned char *p = buf;
 *out_len = 0;
- if ((ssl->session->ticket_flags &
- MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
+ if (mbedtls_ssl_session_get_ticket_flags(
+ ssl->session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
 MBEDTLS_SSL_DEBUG_MSG(
- 4, ("Skip early_data extension in NST for it is not allowed."));
+ 4, ("early_data not allowed, skip early_data extension in "
+ "NewSessionTicket"));
 return 0;
 }
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4ef249468..28cd33b11 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
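Review bot: The reworded rejection message in ssl_tls13_update_early_data_status, and the reworded message in ssl_tls13_write_nst_early_data_ext in the following hunk, are not asserted by any test in this patch; the only change to tests/opt-testcases/tls13-misc.sh removes two blank lines. The commit message says the output is checked, so a run_test case that resumes with a ticket lacking the early-data permission should pin the rejection path, for example `-s "EarlyData: rejected, early_data not allowed in ticket permission bits."`. Any existing case that still matches the old wording "denied by ticket permission bits" would need the same update; none is visible in this patch. The function body starts and ends outside the hunk.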
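Review bot: The permission check at the top of ssl_tls13_write_nst_early_data_ext carries no comment, although it is the point where the server decides whether a ticket offers 0-RTT at all. I would add above the `if`: `/* Advertise early_data in the NewSessionTicket only when the ticket permission bits allow it. */`. The matching check in ssl_tls13_update_early_data_status (hunk at -1850) has the first line of its condition outside that hunk, so it is not visible whether it also goes through `mbedtls_ssl_session_get_ticket_flags()`; if it still reads `ticket_flags` directly, converting it would keep the offer and the acceptance decision on the same accessor. The function continues outside the hunk.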
@@ -435,7 +435,9 @@ int main(void)
 " The max amount of 0-RTT data for 1st and 2nd connection\n" \
 " format: 1st_connection_value[,2nd_connection_value]\n" \
 " available values: < 0 (disabled), >= 0 (enabled).\n" \
- " The absolute value is the max amount of 0-RTT data.\n"
+ " The absolute value is the max amount of 0-RTT data \n" \
+ " up to UINT32_MAX. \n"
+
 #else
 #define USAGE_EARLY_DATA ""
 #endif /* MBEDTLS_SSL_EARLY_DATA */
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 5b624b5ec..74b6aa2d0 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -523,5 +523,3 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
 -s "ClientHello: early_data(42) extension exists." \
 -s "EncryptedExtensions: early_data(42) extension exists." \
 -s "$( tail -1 $EARLY_DATA_INPUT )"
-
-
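Review bot: The USAGE_EARLY_DATA help text in programs/ssl/ssl_server2.c now promises an upper bound of UINT32_MAX, but the code that parses the option is outside the hunk, so nothing visible here enforces that bound. If the argument is parsed into a wider signed type and then stored in a 32-bit field, an out-of-range value would be truncated silently instead of rejected; a range check that falls through to the usage message would make the documented limit true. Two layout details in the added lines: both strings keep a space before `\n` (`"... 0-RTT data \n"` and `"... up to UINT32_MAX. \n"`), which prints trailing whitespace, and the empty line added after the macro's last line is not needed.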