(I'm not very experienced with TLS or globus so apologies if I'm missing something or using the wrong terminology.)
Currently in the code it states:
https://github.com/gridcf/gct/blob/da14279fd3738d3b820e2aa5e8dc0dc1630c7a3a/gsi/gssapi/source/library/init_sec_context.c#L373-L430
However in the TLS 1.3 specification and OpenSSL's documentation it explicitly states that any number of tickets may be sent:
In addition it's also allowed that additional tickets may be sent in later payloads.
Naively it seems like the GSS_CON_ST_TOKEN1/GSS_CON_ST_TOKEN2 states should be removed and any NewSessionTicket payloads should be handled after GSS_CON_ST_DONE as part of the normal record parsing (especially as additional NewSessionTicket payloads may arrive at any time).
Relates to https://github.com/gridcf/gct/pull/150, https://github.com/gridcf/gct/issues/174 and https://github.com/gridcf/gct/pull/177.
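Added illustration, not part of the original issue and not gct code: a simplified C model contrasting a fixed two-ticket expectation (an assumed reading of the GSS_CON_ST_TOKEN1/GSS_CON_ST_TOKEN2 states; the linked code is not reproduced here) with NewSessionTicket handling folded into normal record parsing. The function names, the `record` struct and the sample data are hypothetical, and handshake messages are assumed not to span records.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 8446 values: record content types and the NewSessionTicket message type. */
enum { CT_HANDSHAKE = 22, CT_APPDATA = 23, HS_NEW_SESSION_TICKET = 4 };
/* One decrypted record received after the handshake has completed. */
struct record { uint8_t type; const uint8_t *data; size_t len; };

/* Hypothetical fixed model: exactly two ticket records, then only application data. */
static int fixed_two_ticket_model(const struct record *r, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int is_ticket = r[i].type == CT_HANDSHAKE && r[i].len >= 4 &&
                        r[i].data[0] == HS_NEW_SESSION_TICKET;
        if (is_ticket != (i < 2)) return -1;  /* too few, too many, or late */
    }
    return n >= 2 ? 0 : -1;
}

/* Tickets handled in normal record parsing: any number, at any time.
 * Returns application bytes delivered, or -1 on malformed input. */
static long parse_records(const struct record *r, size_t n, unsigned *tickets)
{
    long app = 0;
    *tickets = 0;
    for (size_t i = 0; i < n; i++) {
        if (r[i].type == CT_APPDATA) { app += (long)r[i].len; continue; }
        if (r[i].type != CT_HANDSHAKE) return -1;
        /* A record may carry several messages: 1-byte type, 3-byte length, body. */
        for (size_t off = 0; off < r[i].len; ) {
            const uint8_t *m = r[i].data + off;
            if (r[i].len - off < 4) return -1;          /* truncated header */
            size_t body = ((size_t)m[1] << 16) | ((size_t)m[2] << 8) | m[3];
            if (body > r[i].len - off - 4) return -1;   /* truncated body */
            if (m[0] == HS_NEW_SESSION_TICKET) (*tickets)++;
            off += 4 + body;
        }
    }
    return app;
}

/* Constructed samples; the 2-byte ticket body is a stand-in, not a real ticket. */
static const uint8_t TICKET[] = { 4, 0, 0, 2, 0xAA, 0xBB };
static const uint8_t APP[] = { 'h', 'e', 'l', 'l', 'o' };
static const struct record LATE[] = {  /* two tickets, data, then a third ticket */
    { CT_HANDSHAKE, TICKET, sizeof TICKET }, { CT_HANDSHAKE, TICKET, sizeof TICKET },
    { CT_APPDATA, APP, sizeof APP }, { CT_HANDSHAKE, TICKET, sizeof TICKET } };
static const struct record NONE[] = { { CT_APPDATA, APP, sizeof APP } };

int main(void) { unsigned t; return parse_records(LATE, 4, &t) == 5 && t == 3 ? 0 : 1; }
```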