diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 0e54ab9eff..3a2a86199d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2288,6 +2288,10 @@ OPENSSL_EXPORT SSL_SESSION *SSL_process_tls13_new_session_ticket( // By default, BoringSSL sends two tickets. OPENSSL_EXPORT int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +// SSL_CTX_get_num_tickets returns the number of tickets |ctx| will send +// immediately after a successful TLS 1.3 handshake as a server. +OPENSSL_EXPORT size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); + // Elliptic curve Diffie-Hellman. // diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 0b3febf110..bbcc3b136b 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -3037,6 +3037,8 @@ int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) { return 1; } +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx) { return ctx->num_tickets; } + int SSL_set_tlsext_status_type(SSL *ssl, int type) { if (!ssl->config) { return 0; diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index fe85840d55..6bc015cb15 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -8151,11 +8151,13 @@ TEST(SSLTest, NumTickets) { for (size_t num_tickets : {0, 1, 2, 3, 4, 5}) { SCOPED_TRACE(num_tickets); ASSERT_TRUE(SSL_CTX_set_num_tickets(server_ctx.get(), num_tickets)); + EXPECT_EQ(SSL_CTX_get_num_tickets(server_ctx.get()), num_tickets); EXPECT_EQ(count_tickets(), num_tickets); } // Configuring too many tickets causes us to stop at some point. ASSERT_TRUE(SSL_CTX_set_num_tickets(server_ctx.get(), 100000)); + EXPECT_EQ(SSL_CTX_get_num_tickets(server_ctx.get()), 16u); EXPECT_EQ(count_tickets(), 16u); }