1 files changed, 21 insertions, 5 deletions

diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index 0ad78fc5b..7da9fdc57 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -25,6 +25,7 @@ Server_Hello::Server_Hello(Record_Writer& writer,
                            const Client_Hello& c_hello,
                            const std::vector<std::string>& available_cert_types,
                            const Policy& policy,
+                           bool have_session_ticket_key,
                            bool client_has_secure_renegotiation,
                            const MemoryRegion<byte>& reneg_info,
                            bool client_has_npn,
@@ -37,7 +38,9 @@ Server_Hello::Server_Hello(Record_Writer& writer,
    m_secure_renegotiation(client_has_secure_renegotiation),
    m_renegotiation_info(reneg_info),
    m_next_protocol(client_has_npn),
-   m_next_protocols(next_protocols)
+   m_next_protocols(next_protocols),
+   m_supports_session_ticket(have_session_ticket_key &&
+                             c_hello.supports_session_ticket())
    {
    suite = policy.choose_suite(
       c_hello.ciphersuites(),
@@ -51,7 +54,7 @@ Server_Hello::Server_Hello(Record_Writer& writer,
 
    comp_method = policy.choose_compression(c_hello.compression_methods());
 
-   send(writer, hash);
+   hash.update(writer.send(*this));
    }
 
 /*
@@ -66,6 +69,7 @@ Server_Hello::Server_Hello(Record_Writer& writer,
                            size_t max_fragment_size,
                            bool client_has_secure_renegotiation,
                            const MemoryRegion<byte>& reneg_info,
+                           bool client_supports_session_tickets,
                            bool client_has_npn,
                            const std::vector<std::string>& next_protocols,
                            RandomNumberGenerator& rng) :
@@ -78,9 +82,10 @@ Server_Hello::Server_Hello(Record_Writer& writer,
    m_secure_renegotiation(client_has_secure_renegotiation),
    m_renegotiation_info(reneg_info),
    m_next_protocol(client_has_npn),
-   m_next_protocols(next_protocols)
+   m_next_protocols(next_protocols),
+   m_supports_session_ticket(client_supports_session_tickets)
    {
-   send(writer, hash);
+   hash.update(writer.send(*this));
    }
 
 /*
@@ -89,6 +94,7 @@ Server_Hello::Server_Hello(Record_Writer& writer,
 Server_Hello::Server_Hello(const MemoryRegion<byte>& buf)
    {
    m_secure_renegotiation = false;
+   m_supports_session_ticket = false;
    m_next_protocol = false;
 
    if(buf.size() < 38)
@@ -132,6 +138,13 @@ Server_Hello::Server_Hello(const MemoryRegion<byte>& buf)
       m_next_protocols = npn->protocols();
       m_next_protocol = true;
       }
+
+   if(Session_Ticket* ticket = extensions.get<Session_Ticket>())
+      {
+      if(!ticket->contents().empty())
+         throw Decoding_Error("TLS server sent non-empty session ticket extension");
+      m_supports_session_ticket = true;
+      }
    }
 
 /*
@@ -163,6 +176,9 @@ MemoryVector<byte> Server_Hello::serialize() const
    if(m_next_protocol)
       extensions.add(new Next_Protocol_Notification(m_next_protocols));
 
+   if(m_supports_session_ticket)
+      extensions.add(new Session_Ticket());
+
    buf += extensions.serialize();
 
    return buf;
@@ -174,7 +190,7 @@ MemoryVector<byte> Server_Hello::serialize() const
 Server_Hello_Done::Server_Hello_Done(Record_Writer& writer,
                                      Handshake_Hash& hash)
    {
-   send(writer, hash);
+   hash.update(writer.send(*this));
    }
 
 /*