
Fixes for sniffer session ticket resumption with TLS v1.2. ZD14531.

David Garske 1 year ago
parent
commit
1c7f64cce9
3 changed files with 25 additions and 12 deletions
  1. 14 10
      src/internal.c
  2. 10 1
      src/sniffer.c
  3. 1 1
      sslSniffer/sslSnifferTest/snifftest.c

+ 14 - 10
src/internal.c

@@ -30963,14 +30963,16 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ssl->options.haveSessionId = 1;
         /* DoClientHello uses same resume code */
         if (ssl->options.resuming) {  /* let's try */
-            WOLFSSL_SESSION* session = wolfSSL_GetSession(ssl,
-                                                  ssl->arrays->masterSecret, 1);
-            #ifdef HAVE_SESSION_TICKET
-                if (ssl->options.useTicket == 1) {
-                    session = ssl->session;
-                }
-            #endif
-
+            WOLFSSL_SESSION* session;
+        #ifdef HAVE_SESSION_TICKET
+            if (ssl->options.useTicket == 1) {
+                session = ssl->session;
+            }
+            else
+        #endif
+            {
+                session = wolfSSL_GetSession(ssl, ssl->arrays->masterSecret, 1);
+            }
             if (!session) {
                 WOLFSSL_MSG("Session lookup for resume failed");
                 ssl->options.resuming = 0;
@@ -31028,10 +31030,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     #ifdef HAVE_SESSION_TICKET
         if (ssl->options.useTicket == 1) {
             session = ssl->session;
-        } else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
+        }
+        else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
             WOLFSSL_MSG("Bogus session ID without session ticket");
             return BUFFER_ERROR;
-        } else
+        }
+        else
     #endif
         {
             session = wolfSSL_GetSession(ssl, ssl->arrays->masterSecret, 1);
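Review bot: The ticket-versus-cache selection introduced in the first hunk (the `#ifdef HAVE_SESSION_TICKET` block that assigns `session = ssl->session;` or falls through to `wolfSSL_GetSession`) now has the same shape as the pre-existing selection in the second hunk, except that it has no counterpart to the `bogusID == 1 && ssl->options.rejectTicket == 0` rejection; if a rejected ticket can reach the first site with `useTicket` still set, `ssl->session` would be taken there without that check. If the omission is deliberate, a one-line comment at the first site such as `/* no bogusID/rejectTicket check needed here: <reason> */` would stop the next reader from "fixing" it; otherwise the two sites are close enough to share one small static helper so they cannot drift apart. Note also that with HAVE_SESSION_TICKET undefined the `else` vanishes and the braces after `#endif` become a bare compound statement, which is valid C but reads oddly without a comment saying it is intentional. DoSessionTicket's body continues outside both hunks.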

+ 10 - 1
src/sniffer.c

@@ -3362,6 +3362,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         if (session->sslServer->arrays) {
             XMEMCPY(session->sslServer->arrays->sessionID,
                 input + len - ID_LEN, ID_LEN);
+            session->sslServer->arrays->sessionIDSz = ID_LEN;
         }
     }
 
@@ -3386,6 +3387,11 @@ static int DoResume(SnifferSession* session, char* error)
     else
 #endif
     {
+    #ifdef HAVE_SESSION_TICKET
+        /* make sure "useTicket" is not set, otherwise the session will not be
+         * properly retrieved */
+        session->sslServer->options.useTicket = 0;
+    #endif
         resume = wolfSSL_GetSession(session->sslServer,
                                     session->sslServer->arrays->masterSecret, 0);
         if (resume == NULL) {
@@ -3698,6 +3704,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     if (session->ticketID && doResume) {
         /* use ticketID to retrieve from session, prefer over sessionID */
         XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
+        session->sslServer->arrays->sessionIDSz = ID_LEN;
         session->sslServer->options.haveSessionId = 1;  /* may not have
                                                            actual sessionID */
     }
@@ -4085,8 +4092,10 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
                         return -1;
                     }
                 }
+
             #ifdef HAVE_SESSION_TICKET
-                ssl->options.useTicket = 1;
+                /* do not set "ssl->options.useTicket", since the sniffer uses
+                 * the cache differently for retaining the master secret only */
             #endif
                 XMEMCPY(session->ticketID, input + extLen - ID_LEN, ID_LEN);
             }
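Review bot: The new `session->sslServer->arrays->sessionIDSz = ID_LEN;` in ProcessServerHello dereferences `arrays` without the `if (session->sslServer->arrays)` guard that the identical addition in ProcessSessionTicket sits under; the pre-existing XMEMCPY on the line above has the same exposure, so either `arrays` is guaranteed non-NULL by the time ProcessServerHello runs (in which case the guard in ProcessSessionTicket is the odd one out) or both lines should move under the same check. Since the two-line pattern (copy ID_LEN bytes into `sessionID`, then set `sessionIDSz = ID_LEN`) now appears twice, a small static helper would keep the size field from being forgotten at a third site. In DoResume the `useTicket = 0` reset is unconditional, and because the ProcessClientHello hunk removes the only `useTicket = 1` assignment visible in this diff it appears to be defensive; the comment could say so, e.g. `/* defensive: the sniffer no longer sets useTicket, but a stale value would keep the session from being retrieved */`. The bodies of all four functions continue outside their hunks.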

+ 1 - 1
sslSniffer/sslSnifferTest/snifftest.c

@@ -330,7 +330,7 @@ static int myStoreDataCb(const unsigned char* decryptBuf,
 
 /* try and load as both static ephemeral and private key */
 /* only fail if no key is loaded */
-/* Allow comma seperated list of files */
+/* Allow comma separated list of files */
 static int load_key(const char* name, const char* server, int port,
     const char* keyFiles, const char* passwd, char* err)
 {