Fix session ticket and SNI

     * all the work otherwise use generated values from parent ctx.

     */

    if (tctx->tlsext_ticket_key_cb) {

        if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0)

        /* if 0 is returned, write an empty ticket */

        int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx,

                                             hctx, 1);

        if (ret == 0) {

            l2n(0, p); /* timeout */

            s2n(0, p); /* length */

            if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s)))

                goto err;

            OPENSSL_free(senc);

            EVP_CIPHER_CTX_free(ctx);

            HMAC_CTX_free(hctx);

            return 1;

        }

        if (ret < 0)

            goto err;

        iv_len = EVP_CIPHER_CTX_iv_length(ctx);

    } else {

            return NULL;

        s2n(TLSEXT_TYPE_session_ticket, ret);

        s2n(0, ret);

    } else {

        /* if we don't add the above TLSEXT, we can't add a session ticket later */

        s->tlsext_ticket_expected = 0;

    }

    if (s->tlsext_status_expected) {

  - AcceptAll - accepts all certificates.

  - RejectAll - rejects all certificates.

* ServerName - the server the client is expected to successfully connect to

  - server1 - the initial context (default)

  - server2 - the secondary context

* SessionTicketExpected - whether or not a session ticket is expected

  - Ignore - do not check for a session ticket (default)

  - Yes - a session ticket is expected

  - No - a session ticket is not expected

  - Broken - a special test case where the session ticket callback does not initialize crypto

## Configuring the client and server

The client and server configurations can be any valid `SSL_CTX`

}

```

A server2 section may optionally be defined to configure a secondary

context that is selected via the ServerName test option. If the server2

section is not configured, then the configuration matches server.

### Default server and client configurations

The default server certificate and CA files are added to the configurations

    # Add the implicit base configuration.

    foreach my $test (@ssltests::tests) {

        $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) };

	# use server values if server2 is not defined

	if (defined $test->{"server2"}) {

	    $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) };

	} else {

	    $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server"}}) };

	}

        $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };

    }

typedef struct handshake_ex_data {

    int alert_sent;

    int alert_received;

    int session_ticket_do_not_call;

} HANDSHAKE_EX_DATA;

static int ex_data_idx;

    return 1;

}

static int broken_session_ticket_callback(SSL* s, unsigned char* key_name, unsigned char *iv,

                                          EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)

{

    return 0;

}

int do_not_call_session_ticket_callback(SSL* s, unsigned char* key_name, unsigned char *iv,

                                        EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)

{

    HANDSHAKE_EX_DATA *ex_data =

        (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));

    ex_data->session_ticket_do_not_call = 1;

    return 0;

}

/*

 * Configure callbacks and other properties that can't be set directly

 * in the server/client CONF.

 */

static void configure_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,

static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *client_ctx,

                                    const SSL_TEST_CTX *test_ctx)

{

    switch (test_ctx->client_verify_callback) {

    default:

        break;

    }

    if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) {

        SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_callback);

    }

}

/*

 * Configure callbacks and other properties that can't be set directly

 * in the server/client CONF.

 */

static void configure_handshake_ssl(SSL *server, SSL *client,

                                    const SSL_TEST_CTX *test_ctx)

{

    SSL_set_tlsext_host_name(client, ssl_servername_name(test_ctx->servername));

}

    int client_turn = 1;

    peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;

    handshake_status_t status = HANDSHAKE_RETRY;

    unsigned char* tick = NULL;

    size_t len = 0;

    SSL_SESSION* sess = NULL;

    configure_handshake(server_ctx, client_ctx, test_ctx);

    configure_handshake_ctx(server_ctx, client_ctx, test_ctx);

    server = SSL_new(server_ctx);

    client = SSL_new(client_ctx);

    OPENSSL_assert(server != NULL && client != NULL);

    configure_handshake_ssl(server, client, test_ctx);

    memset(&server_ex_data, 0, sizeof(server_ex_data));

    memset(&client_ex_data, 0, sizeof(client_ex_data));

    memset(&ret, 0, sizeof(ret));

    ret.client_alert_received = server_ex_data.alert_received;

    ret.server_protocol = SSL_version(server);

    ret.client_protocol = SSL_version(client);

    ret.servername = ((SSL_get_SSL_CTX(server) == server_ctx)

                      ? SSL_TEST_SERVERNAME_SERVER1

                      : SSL_TEST_SERVERNAME_SERVER2);

    if ((sess = SSL_get0_session(client)) != NULL)

        SSL_SESSION_get0_ticket(sess, &tick, &len);

    if (tick == NULL || len == 0)

        ret.session_ticket = SSL_TEST_SESSION_TICKET_NO;

    else

        ret.session_ticket = SSL_TEST_SESSION_TICKET_YES;

    ret.session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;

    SSL_free(server);

    SSL_free(client);