add Policy::new_session_tickets_upon_handshake_success()

src/bogo_shim/bogo_shim.cpp

@@ -1066,6 +1066,11 @@ class Shim_Policy final : public Botan::TLS::Policy
 
       //uint32_t session_ticket_lifetime() const override;
 
+      size_t new_session_tickets_upon_handshake_success() const override
+         {
+         return m_args.flag_set("no-ticket") ? 0 : 1;
+         }
+
       std::vector<uint16_t> srtp_profiles() const override
          {
          if(m_args.option_used("srtp-profiles"))
@@ -1597,16 +1602,6 @@ class Shim_Callbacks final : public Botan::TLS::Callbacks
             return;
             }
 
-         if(m_args.flag_set("server"))
-            {
-            auto server = dynamic_cast<Botan::TLS::Server*>(m_channel);
-            BOTAN_ASSERT_NONNULL(server);
-            if(server->new_session_ticket_supported() && !m_args.flag_set("no-ticket"))
-               {
-               server->send_new_session_tickets();
-               }
-            }
-
          if(size_t length = m_args.get_int_opt_or_else("export-keying-material", 0))
             {
             const std::string label = m_args.get_string_opt("export-label");

src/lib/tls/tls13/tls_server_impl_13.cpp

@@ -444,6 +444,12 @@ void Server_Impl_13::handle(const Finished_13& finished_msg)
    m_transitions.set_expected_next({});
 
    callbacks().tls_session_activated();
+
+   if(new_session_ticket_supported())
+      {
+      send_new_session_tickets(
+         policy().new_session_tickets_upon_handshake_success());
+      }
    }
 
 }  // namespace Botan::TLS

src/lib/tls/tls_policy.cpp

@@ -275,6 +275,11 @@ std::chrono::seconds Policy::session_ticket_lifetime() const
    return std::chrono::days(1);
    }
 
+size_t Policy::new_session_tickets_upon_handshake_success() const
+   {
+   return 1;
+   }
+
 bool Policy::acceptable_protocol_version(Protocol_Version version) const
    {
 #if defined(BOTAN_HAS_TLS_13)
@@ -582,6 +587,7 @@ void Policy::print(std::ostream& o) const
       o << "record_size_limit = " << record_size_limit().has_value() << '\n';
    }
    o << "session_ticket_lifetime = " << session_ticket_lifetime().count() << '\n';
+   o << "new_session_tickets_upon_handshake_success = " << new_session_tickets_upon_handshake_success() << '\n';
    o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
    o << "minimum_ecdh_group_size = " << minimum_ecdh_group_size() << '\n';
    o << "minimum_rsa_bits = " << minimum_rsa_bits() << '\n';

src/lib/tls/tls_policy.h

@@ -256,6 +256,18 @@ class BOTAN_PUBLIC_API(2,0) Policy
       */
       virtual std::chrono::seconds session_ticket_lifetime() const;
 
+      /**
+      * Return the number of new session tickets a TLS 1.3 server should issue
+      * automatically upon a successful handshake. Note that applications can
+      * use `TLS::Server::send_new_session_tickets()` regardless of this policy.
+      *
+      * For convenience (and compatibility with the TLS 1.2 behaviour), this
+      * returns '1' by default.
+      *
+      * @note Has an effect on TLS 1.3 connections, only.
+      */
+      virtual size_t new_session_tickets_upon_handshake_success() const;
+
       /**
       * If this returns a non-empty vector, and DTLS is negotiated,
       * then we will also attempt to negotiate the SRTP extension from
@@ -633,6 +645,8 @@ class BOTAN_PUBLIC_API(2,0) Text_Policy : public Policy
 
       std::chrono::seconds session_ticket_lifetime() const override;
 
+      size_t new_session_tickets_upon_handshake_success() const override;
+
       bool tls_13_middlebox_compatibility_mode() const override;
 
       bool hash_hello_random() const override;

src/lib/tls/tls_text_policy.cpp

@@ -201,6 +201,11 @@ std::chrono::seconds Text_Policy::session_ticket_lifetime() const
    return std::chrono::seconds(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime().count()));
    }
 
+size_t Text_Policy::new_session_tickets_upon_handshake_success() const
+   {
+   return get_len("new_session_tickets_upon_handshake_success", Policy::new_session_tickets_upon_handshake_success());
+   }
+
 std::vector<uint16_t> Text_Policy::srtp_profiles() const
    {
    std::vector<uint16_t> r;

src/tests/data/tls-policy/rfc8448_1rtt.txt

@@ -17,6 +17,12 @@ hide_unknown_users = false
 server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 30
+
+# In fact, the 1-RTT server part is supposed to emit a NewSessionTicket message.
+# Though, for the sake of clarity we disable auto-emission and manually call
+# `send_new_session_tickets()` in the test code.
+new_session_tickets_upon_handshake_success = 0
+
 minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 1024

src/tests/data/tls-policy/rfc8448_compat_client.txt

@@ -17,6 +17,7 @@ hide_unknown_users = false
 server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
+new_session_tickets_upon_handshake_success = 0
 minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 1024

src/tests/data/tls-policy/rfc8448_compat_server.txt

@@ -17,6 +17,7 @@ hide_unknown_users = false
 server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
+new_session_tickets_upon_handshake_success = 0
 minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 1024

src/tests/data/tls-policy/rfc8448_hrr_client.txt

@@ -17,6 +17,7 @@ hide_unknown_users = false
 server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
+new_session_tickets_upon_handshake_success = 0
 minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 1024

src/tests/data/tls-policy/rfc8448_hrr_server.txt

@@ -16,6 +16,7 @@ hide_unknown_users = false
 server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
+new_session_tickets_upon_handshake_success = 0
 minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 1024