Topic: [SOLVED] Old certificates not discarded when server resume fails
I am using wolfSSL_get1_session and wolfSSL_set_session to enable TLS session resumption.
Each time when the server creates a new session instead of resuming the session (I trigger this by restarting my test openssl s_server, so that its session cache and ticket encryption key are dropped), the number of session's certificate chains increases. (The number which is returned by wolfSSL_get_chain_count(chain) when running on the chain obtained through wolfSSL_get_peer_chain(ssl) )
This happens for both session ID and ticket-based session resumption.
Is this expected behavior? And if so, are there any guidelines how to work with the certificate chains in such case, e.g. for the purpose of hostname validation?