Change the default number of NewSessionTickets we send to 2

    s->psksession_id = NULL;

    s->psksession_id_len = 0;

    s->hello_retry_request = 0;

    s->sent_tickets = 0;

    s->error = 0;

    s->hit = 0;

     */

    ret->max_early_data = 0;

    /* By default we send one session ticket automatically in TLSv1.3 */

    ret->num_tickets = 1;

    /* By default we send two session tickets automatically in TLSv1.3 */

    ret->num_tickets = 2;

    ssl_ctx_system_config(ret);

     * cache.

     */

    if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) {

        int i = s->session_ctx->session_cache_mode;

        SSL_SESSION *new_sess;

        /*

         * We reused an existing session, so we need to replace it with a new

            goto err;

        }

        if (i & SSL_SESS_CACHE_CLIENT) {

            /*

             * Remove the old session from the cache. We carry on if this fails

             */

            SSL_CTX_remove_session(s->session_ctx, s->session);

        }

        SSL_SESSION_free(s->session);

        s->session = new_sess;

    }

        /* Fall through */

    case TLS_ST_SW_KEY_UPDATE:

        st->hand_state = TLS_ST_OK;

        return WRITE_TRAN_CONTINUE;

    case TLS_ST_SW_SESSION_TICKET:

        /* In a resumption we only ever send a maximum of one new ticket.

         * Following an initial handshake we send the number of tickets we have

        return WORK_FINISHED_CONTINUE;

    case TLS_ST_SW_SESSION_TICKET:

        if (SSL_IS_TLS13(s)) {

        if (SSL_IS_TLS13(s) && s->sent_tickets == 0) {

            /*

             * Actually this is the end of the handshake, but we're going

             * straight into writing the session ticket out. So we finish off

    sk = NULL;

    /* Save the current hash state for when we receive the CertificateVerify */

    if (SSL_IS_TLS13(s)

            && !ssl_handshake_hash(s, s->cert_verify_hash,

    if (SSL_IS_TLS13(s)) {

        if (!ssl_handshake_hash(s, s->cert_verify_hash,

                                sizeof(s->cert_verify_hash),

                                &s->cert_verify_hash_len)) {

            /* SSLfatal() already called */

            goto err;

        }

        /* Resend session tickets */

        s->sent_tickets = 0;

    }

    ret = MSG_PROCESS_CONTINUE_READING;

 err:

        goto err;

    }

    if (SSL_IS_TLS13(s)) {

        ssl_update_cache(s, SSL_SESS_CACHE_SERVER);

        if (!tls_construct_extensions(s, pkt,

                                      SSL_EXT_TLS1_3_NEW_SESSION_TICKET,

                                      NULL, 0)) {

            goto err;

        }

        s->sent_tickets++;

        ssl_update_cache(s, SSL_SESS_CACHE_SERVER);

    }

    EVP_CIPHER_CTX_free(ctx);

    HMAC_CTX_free(hctx);

    HANDSHAKE_EX_DATA server_ex_data, client_ex_data;

    CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data;

    HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new();

    int client_turn = 1, client_turn_count = 0;

    int client_turn = 1, client_turn_count = 0, client_wait_count = 0;

    connect_phase_t phase = HANDSHAKE;

    handshake_status_t status = HANDSHAKE_RETRY;

    const unsigned char* tick = NULL;

                    ret->result = SSL_TEST_INTERNAL_ERROR;

                    goto err;

                }

                if (client_turn && server.status == PEER_SUCCESS) {

                    /*

                     * The server may finish before the client because the

                     * client spends some turns processing NewSessionTickets.

                     */

                    if (client_wait_count++ >= 2) {

                        ret->result = SSL_TEST_INTERNAL_ERROR;

                        goto err;

                    }

                } else {

                    /* Continue. */

                    client_turn ^= 1;

                }

            }

            break;

        }

    }

    SSL *serverssl3 = NULL, *clientssl3 = NULL;

# endif

    SSL_SESSION *sess1 = NULL, *sess2 = NULL;

    int testresult = 0;

    int testresult = 0, numnewsesstick = 1;

    new_called = remove_called = 0;

    /* TLSv1.3 sends 2 NewSessionTickets */

    if (maxprot == TLS1_3_VERSION)

        numnewsesstick = 2;

    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),

                                       TLS1_VERSION, TLS_MAX_VERSION,

                                       &sctx, &cctx, cert, privkey)))

    if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))

        goto end;

    if (use_ext_cache

            && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0)))

            && (!TEST_int_eq(new_called, numnewsesstick)

                || !TEST_int_eq(remove_called, 0)))

        goto end;

    new_called = remove_called = 0;

    if (maxprot == TLS1_3_VERSION) {

        /*

         * In TLSv1.3 we should have created a new session even though we have

         * resumed. The original session should also have been removed.

         * resumed.

         */

        if (use_ext_cache

                && (!TEST_int_eq(new_called, 1)

                    || !TEST_int_eq(remove_called, 1)))

                    || !TEST_int_eq(remove_called, 0)))

            goto end;

    } else {

        /*

        goto end;

    if (use_ext_cache

            && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0)))

            && (!TEST_int_eq(new_called, numnewsesstick)

                || !TEST_int_eq(remove_called, 0)))

        goto end;

    new_called = remove_called = 0;

    if (use_ext_cache) {

        SSL_SESSION *tmp = sess2;

        if (!TEST_int_eq(new_called, 1)

        if (!TEST_int_eq(new_called, numnewsesstick)

                || !TEST_int_eq(remove_called, 0)

                || !TEST_int_eq(get_called, 0))

            goto end;

            goto end;

        if (maxprot == TLS1_3_VERSION) {

            /*

             * Every time we issue a NewSessionTicket we are creating a new

             * session for next time in TLSv1.3

             */

            if (!TEST_int_eq(new_called, 1)

                    || !TEST_int_eq(get_called, 0))

                goto end;

#endif

}

SSL_SESSION *sesscache[9];

static int new_cachesession_cb(SSL *ssl, SSL_SESSION *sess)

{

    sesscache[new_called++] = sess;

    return 1;

}

static int test_tickets(int idx)

{

    SSL_CTX *sctx = NULL, *cctx = NULL;

    SSL *serverssl = NULL, *clientssl = NULL;

    int testresult = 0, i;

    size_t j;

    /* idx is the test number, but also the number of tickets we want */

    new_called = 0;

    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),

                                       TLS1_VERSION, TLS_MAX_VERSION, &sctx,

                                       &cctx, cert, privkey))

            || !TEST_true(SSL_CTX_set_num_tickets(sctx, idx)))

        goto end;

    SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT

                                         | SSL_SESS_CACHE_NO_INTERNAL_STORE);

    SSL_CTX_sess_set_new_cb(cctx, new_cachesession_cb);

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,

                                          &clientssl, NULL, NULL)))

        goto end;

    SSL_force_post_handshake_auth(clientssl);

    if (!TEST_true(create_ssl_connection(serverssl, clientssl,

                                                SSL_ERROR_NONE))

               /* Check we got the number of tickets we were expecting */

            || !TEST_int_eq(idx, new_called))

        goto end;

    /* After a post-handshake authentication we should get new tickets issued */

    SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);

    if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))

        goto end;

    /* Start handshake on the server and client */

    if (!TEST_int_eq(SSL_do_handshake(serverssl), 1)

            || !TEST_int_le(SSL_read(clientssl, NULL, 0), 0)

            || !TEST_int_le(SSL_read(serverssl, NULL, 0), 0)

            || !TEST_true(create_ssl_connection(serverssl, clientssl,

                                                SSL_ERROR_NONE))

            || !TEST_int_eq(idx * 2, new_called))

        goto end;

    SSL_CTX_sess_set_new_cb(cctx, NULL);

    SSL_shutdown(clientssl);

    SSL_shutdown(serverssl);

    SSL_free(serverssl);

    SSL_free(clientssl);

    serverssl = clientssl = NULL;

    /* Test that we can resume with all the tickets we got given */

    for (i = 0; i < new_called; i++) {

        if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,

                                              &clientssl, NULL, NULL))

                || !TEST_true(SSL_set_session(clientssl, sesscache[i]))

                || !TEST_true(create_ssl_connection(serverssl, clientssl,

                                                    SSL_ERROR_NONE))

                || !TEST_true(SSL_session_reused(clientssl)))

            goto end;

        SSL_shutdown(clientssl);

        SSL_shutdown(serverssl);

        SSL_free(serverssl);

        SSL_free(clientssl);

        serverssl = clientssl = NULL;

        SSL_SESSION_free(sesscache[i]);

        sesscache[i] = NULL;

    }

    testresult = 1;

 end:

    SSL_free(serverssl);

    SSL_free(clientssl);

    for (j = 0; j < OSSL_NELEM(sesscache); j++)

        SSL_SESSION_free(sesscache[j]);

    SSL_CTX_free(sctx);

    SSL_CTX_free(cctx);

    return testresult;

}

#define USE_NULL            0

#define USE_BIO_1           1

#define USE_BIO_2           2

# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS       0

#endif

#define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \

                                + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \

                                + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS

        goto end;

    /*

     * Make sure we process the NewSessionTicket. This arrives post-handshake.

     * We attempt a read which we do not expect to return any data.

     * Make sure we process the two NewSessionTickets. These arrive

     * post-handshake. We attempt reads which we do not expect to return any

     * data.

     */

    if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))

    if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))

            || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf),

                           &readbytes)))

        goto end;

    /* Server should be able to write normal data */

                || (tst == 2 && snicb != 1))

            goto end;

    } else {

        /* In this case there 2 NewSessionTicket messages created */

        if (clntaddnewcb != 1

                || clntparsenewcb != 4

                || srvaddnewcb != 4

                || clntparsenewcb != 5

                || srvaddnewcb != 5

                || srvparsenewcb != 1)

            goto end;

    }

                || srvparsenewcb != 2)

            goto end;

    } else {

        /* No Certificate message extensions in the resumption handshake */

        /*

         * No Certificate message extensions in the resumption handshake,

         * 2 NewSessionTickets in the initial handshake, 1 in the resumption

         */

        if (clntaddnewcb != 2

                || clntparsenewcb != 7

                || srvaddnewcb != 7

                || clntparsenewcb != 8

                || srvaddnewcb != 8

                || srvparsenewcb != 2)

            goto end;

    }

        {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},

        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},

        {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},

        {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},

        {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},

        {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},

        {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},

        {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},

        {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},

        {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"},

        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},

        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},

        {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},

        {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},

        {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"},

        {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL},

        {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},

        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},

        {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},

        {SSL_CB_EXIT, NULL}, {0, NULL},

    }, {

        /* TLSv1.3 client followed by resumption */

        {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},

        {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},

        {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},

        {SSL_CB_HANDSHAKE_DONE, NULL},  {SSL_CB_EXIT, NULL},

        {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "},

        {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},

        {SSL_CB_HANDSHAKE_DONE, NULL},  {SSL_CB_EXIT, NULL},

        {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},

        {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},

        {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"},  {SSL_CB_LOOP, "TREE"},

    ADD_TEST(test_session_with_only_int_cache);

    ADD_TEST(test_session_with_only_ext_cache);

    ADD_TEST(test_session_with_both_cache);

#ifndef OPENSSL_NO_TLS1_3

    ADD_ALL_TESTS(test_tickets, 3);

#endif

    ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);

    ADD_TEST(test_ssl_bio_pop_next_bio);

    ADD_TEST(test_ssl_bio_pop_ssl_bio);