authorBenjamin Kaduk <bkaduk@akamai.com>2020-03-16 11:25:58 -0700
committerBen Kaduk <kaduk@mit.edu>2020-05-01 15:10:11 -0700
commit3bfacb5fd4679812a7b9ec61d296b1add64669c0 (patch)
treebc10cebef57dc828c7da742dada9a3e05910884a /ssl/record
parent6250282f7fc37c5903d051174a69053a80e1b1bd (diff)
Add SSL_new_session_ticket() API
This API requests that the TLS stack generate a (TLS 1.3) NewSessionTicket message the next time it is safe to do so (i.e., we do not have other data pending write, which could be mid-record). For efficiency, defer actually generating/writing the ticket until there is other data to write, to avoid producing server-to-client traffic when not needed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11416)
Diffstat (limited to 'ssl/record')
-rw-r--r--ssl/record/rec_layer_s3.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index d4198917d0..bceac72051 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -384,10 +384,12 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
s->rlayer.wnum = 0;
/*
- * If we are supposed to be sending a KeyUpdate then go into init unless we
- * have writes pending - in which case we should finish doing that first.
+ * If we are supposed to be sending a KeyUpdate or NewSessionTicket then go
+ * into init unless we have writes pending - in which case we should finish
+ * doing that first.
*/
- if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
+ if (wb->left == 0 && (s->key_update != SSL_KEY_UPDATE_NONE
+ || s->ext.extra_tickets_expected > 0))
ossl_statem_set_in_init(s, 1);
/*
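Review bot: The new `s->ext.extra_tickets_expected > 0` test in `ssl3_write_bytes` relies on state that this file section never changes. The diffstat is limited to ssl/record, so whatever raises and decrements the counter is not visible here. If any path leaves it non-zero (for instance a connection that is not a TLS 1.3 server, or a ticket that fails to be constructed), every later write with `wb->left == 0` would presumably re-enter init. It is worth confirming that the setter rejects such connections and that the state machine always decrements the counter. I would extend the block comment with a line such as `* extra_tickets_expected is decremented by the state machine once the ticket is sent; it must reach zero or each write re-enters init.` The body of `ssl3_write_bytes` starts and ends outside this hunk, so how the init transition is handled afterwards cannot be checked from here.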