From 94dafcb9521d33faca662dabe9f1426eebd6280f Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Thu, 3 Feb 2022 15:59:14 -0500
Subject: [PATCH] Add a short caveat to client-tls13-resume.c
---
 tls/client-tls13-resume.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/tls/client-tls13-resume.c b/tls/client-tls13-resume.c
index 749b14a2..3a6519be 100644
--- a/tls/client-tls13-resume.c
+++ b/tls/client-tls13-resume.c
@@ -228,7 +228,22 @@ int main(int argc, char** argv)
 wolfSSL_FreeArrays(ssl);
 #endif
- /* Save the session */
+ /* Save the session
+ *
+ * NOTE: This is not an ideal solution. Please see client-tls-resume.c.
+ * There you will see that we do not need to call wolfSSL_peek() because
+ * we have already called wolfSSL_read() before calling
+ * wolfSSL_get_session() so wolfSSL has already internally stored the
+ * session ticket. For TLS 1.2 it is fine to put wolfSSL_get_session()
+ * right after the connection is established because the resumption
+ * information is part of the TLS 1.2 handshake. This is not the case for
+ * TLS 1.3. However, if you are migrating from TLS 1.2 and are having a
+ * hard time moving your call to wolfSSL_get_session(), you can try this
+ * approach.
+ *
+ * This approach can result in issues with I/O and is best used with non-
+ * blocking mode sockets.
+ */
 session = wolfSSL_get_session(ssl);
 if (session == NULL) {
 printf("Session not available yet... trying peek\n");
@@ -393,6 +408,7 @@ exit:
 if (sslRes)
 wolfSSL_free(sslRes); /* Free the wolfSSL object */
 #ifdef OPENSSL_EXTRA
+asdfasdfasdf
 if (session)
 wolfSSL_SESSION_free(session);
 #endif
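Review bot: The new caveat in the `/* Save the session` comment says the approach "can result in issues with I/O" but never names the issue, so a reader migrating from TLS 1.2 cannot judge whether it applies to them. If the concern is that `wolfSSL_peek()` on a blocking socket waits until the server sends a record, the comment should say so, for example `* On a blocking socket wolfSSL_peek() waits for the server to send data; if neither a ticket nor application data arrives, the client stalls here.` It would also help to state the visible consequence of getting this wrong, presumably that the later connection falls back to a full handshake instead of resuming. The `if (session == NULL)` fallback continues outside the hunk, so how the peek result is handled cannot be seen from here.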
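Review bot: The added line `asdfasdfasdf` under `#ifdef OPENSSL_EXTRA` in the `exit:` cleanup is stray text rather than C, and it accounts for the seventeenth insertion in a commit whose subject describes only a comment caveat. Any build that defines OPENSSL_EXTRA will fail to compile at this point, while builds without it hide the problem, so it can slip through a default-configuration CI run. Drop the line so that `#ifdef OPENSSL_EXTRA` is followed directly by `if (session)`. The cleanup block starts and ends outside the hunk.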