Add SSL_CTX_get_num_tickets.

CPython uses this function. Our implementation is slightly weird since
it leaks the clamping behavior, but probably not a big deal.

Update-Note: When this is merged into the internal repository, we can
simplify the CPython patches.

Change-Id: I291ddf852fb463bf02998fe04d0d0e8cb358dc55
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53485
Commit-Queue: Bob Beck <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>

include/openssl/ssl.h

@@ -2288,6 +2288,10 @@ OPENSSL_EXPORT SSL_SESSION *SSL_process_tls13_new_session_ticket(
 // By default, BoringSSL sends two tickets.
 OPENSSL_EXPORT int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 
+// SSL_CTX_get_num_tickets returns the number of tickets |ctx| will send
+// immediately after a successful TLS 1.3 handshake as a server.
+OPENSSL_EXPORT size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+
 
 // Elliptic curve Diffie-Hellman.
 //

ssl/ssl_lib.cc

@@ -3037,6 +3037,8 @@ int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) {
   return 1;
 }
 
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx) { return ctx->num_tickets; }
+
 int SSL_set_tlsext_status_type(SSL *ssl, int type) {
   if (!ssl->config) {
     return 0;

ssl/ssl_test.cc

@@ -8151,11 +8151,13 @@ TEST(SSLTest, NumTickets) {
   for (size_t num_tickets : {0, 1, 2, 3, 4, 5}) {
     SCOPED_TRACE(num_tickets);
     ASSERT_TRUE(SSL_CTX_set_num_tickets(server_ctx.get(), num_tickets));
+    EXPECT_EQ(SSL_CTX_get_num_tickets(server_ctx.get()), num_tickets);
     EXPECT_EQ(count_tickets(), num_tickets);
   }
 
   // Configuring too many tickets causes us to stop at some point.
   ASSERT_TRUE(SSL_CTX_set_num_tickets(server_ctx.get(), 100000));
+  EXPECT_EQ(SSL_CTX_get_num_tickets(server_ctx.get()), 16u);
   EXPECT_EQ(count_tickets(), 16u);
 }