When connecting to the “mqtt.eclipseprojects.io” broker, the TLS connection succeeds, and the server then sends a session ticket, which is parsed in the mbedtls_ssl_read function while receiving application data.
Because the mbedtls_ssl_tls13_handshake_client_step function returns MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET, this is treated as an error and an alert message is sent. I added a check to let it pass when the MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return code is received, and with that change I am able to make the connection.
MBEDTLS version : MBEDTLS 3.4.0
TLS version : TLS 1.3
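/*
 * Perform a single handshake step on the given SSL context.
 *
 * Returns MBEDTLS_ERR_SSL_BAD_INPUT_DATA when ssl, ssl->conf or
 * ssl->handshake is NULL, when the handshake is already over, or when no
 * client/server branch below assigns a result. Otherwise returns the result
 * of the preparation call, of pending-alert handling, or of the
 * state-specific step function.
 *
 * This listing carries one local modification (see the block marked
 * "Local workaround" below): MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET is
 * converted to 0 before the error/alert path is evaluated.
 */
int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

    if (ssl == NULL ||
        ssl->conf == NULL ||
        ssl->handshake == NULL ||
        ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
    }

    ret = ssl_prepare_handshake_step(ssl);
    if (ret != 0) {
        return ret;
    }

    /* Handle any alert left pending before doing new work. */
    ret = mbedtls_ssl_handle_pending_alert(ssl);
    if (ret != 0) {
        goto cleanup;
    }

    /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or
     * MBEDTLS_SSL_IS_SERVER, this is the return code we give */
    ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;

#if defined(MBEDTLS_SSL_CLI_C)
    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
        MBEDTLS_SSL_DEBUG_MSG(2, ("client state: %s",
                                  mbedtls_ssl_states_str(ssl->state)));

        switch (ssl->state) {
            case MBEDTLS_SSL_HELLO_REQUEST:
                ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
                ret = 0;
                break;

            case MBEDTLS_SSL_CLIENT_HELLO:
                ret = mbedtls_ssl_write_client_hello(ssl);
                break;

            default:
                /* Every other state goes to the version-specific client
                 * state machine. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
                if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
                    ret = mbedtls_ssl_tls13_handshake_client_step(ssl);
                } else {
                    ret = mbedtls_ssl_handshake_client_step(ssl);
                }
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
                ret = mbedtls_ssl_handshake_client_step(ssl);
#else
                ret = mbedtls_ssl_tls13_handshake_client_step(ssl);
#endif
        }
    }
#endif

#if defined(MBEDTLS_SSL_SRV_C)
    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
        /* ret is only assigned here for a TLS 1.3-only or TLS 1.2-only
         * configuration; otherwise it keeps MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
        if (mbedtls_ssl_conf_is_tls13_only(ssl->conf)) {
            ret = mbedtls_ssl_tls13_handshake_server_step(ssl);
        }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
        if (mbedtls_ssl_conf_is_tls12_only(ssl->conf)) {
            ret = mbedtls_ssl_handshake_server_step(ssl);
        }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
    }
#endif

    /* Local workaround: report a received NewSessionTicket as success, so
     * that the caller does not treat it as a handshake failure.
     *
     * NOTE(review): the check sits outside the client/TLS 1.3 guards, so it
     * applies to every path through this function. It also jumps past the
     * ssl->send_alert check below; an alert set for this step is therefore
     * not sent here and is only picked up by the
     * mbedtls_ssl_handle_pending_alert() call at the start of a later step.
     *
     * NOTE(review): masking the code here hides the ticket notification
     * from every caller of the library. Treating
     * MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET as non-fatal in the
     * application's read loop and retrying the read looks like the
     * narrower change. Confirm against the mbedtls_ssl_read()
     * documentation for the Mbed TLS version in use. */
    if (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) {
        ret = 0;
        goto cleanup;
    }

    if (ret != 0) {
        /* handshake_step return error. And it is same
         * with alert_reason.
         */
        if (ssl->send_alert) {
            ret = mbedtls_ssl_handle_pending_alert(ssl);
            goto cleanup;
        }
    }

cleanup:
    return ret;
}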