Implement SSL_CTX_set_num_tickets.
CPython and wpa_supplicant are using this nowadays. To avoid needing to
tweak the ticket nonce derivation, I've just internally capped the
number of tickets at 16, which should be plenty.
Change-Id: Ie84c15b81a2abe8ec729992e515e0bd4cc351037
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52465
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index 110b221..fbf9745 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2056,6 +2056,11 @@
uint8_t grease_seed[ssl_grease_last_index + 1] = {0};
};
+// kMaxTickets is the maximum number of tickets to send immediately after the
+// handshake. We use a one-byte ticket nonce, and there is no point in sending
+// so many tickets.
+constexpr size_t kMaxTickets = 16;
+
UniquePtr<SSL_HANDSHAKE> ssl_handshake_new(SSL *ssl);
// ssl_check_message_type checks if |msg| has type |type|. If so it returns
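Review bot: The reason the comment gives for `kMaxTickets` — the ticket nonce is one byte — is only stated in prose, so a later bump of the constant past the nonce width would silently let two tickets issued on one connection share a nonce and, under the RFC 8446 resumption derivation, the same PSK; pin it with `static_assert(kMaxTickets <= 256, "kMaxTickets must fit in the one-byte ticket nonce");` directly after the definition. The nonce derivation itself is outside this hunk, so the exact bound should be checked against it rather than taken from this note. The comment could also state that this is the cap applied to the configurable `num_tickets` count introduced in the second hunk (the commit message says the value is capped internally at 16), so readers know this constant is the enforced limit and not merely the default.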
@@ -3416,6 +3421,11 @@
// and is further constrainted by |SSL_OP_NO_*|.
uint16_t conf_min_version = 0;
+ // num_tickets is the number of tickets to send immediately after the TLS 1.3
+ // handshake. TLS 1.3 recommends single-use tickets so, by default, issue two
+ /// in case the client makes several connections before getting a renewal.
+ uint8_t num_tickets = 2;
+
// quic_method is the method table corresponding to the QUIC hooks.
const SSL_QUIC_METHOD *quic_method = nullptr;