[continued from previous message]

+ conn->errcode = errno;
+ return tlshd_log_error("socket recvmsg error %d", errno);
+ }
+ tlshd_log_debug("> Handshake RECV: %u %u", msg->len, msg->level);
+ ret = quic_handshake_crypto_data(conn, msg->level, msg->data, msg->len);
+ if (ret) {
+ conn->errcode = -ret;
+ return;
+ }
+ }
+
+ msg = conn->send_list;
+ while (msg) {
+ tlshd_log_debug("< Handshake SEND: %u %u", msg->len, msg->level);
+ ret = quic_handshake_sendmsg(sockfd, msg);
+ if (ret < 0) {
+ conn->errcode = errno;
+ return tlshd_log_error("socket sendmsg error %d", errno);
+ }
+ conn->send_list = msg->next;
+ free(msg);
+ msg = conn->send_list;
+ }
+ }
+
+ tlshd_quic_recv_session_ticket(conn);
+}
+#endif
diff -Nru ktls-utils-0.11/src/tlshd/server.c ktls-utils-1.0.0/src/tlshd/server.c
--- ktls-utils-0.11/src/tlshd/server.c 2024-06-14 16:54:21.000000000 +0200
+++ ktls-utils-1.0.0/src/tlshd/server.c 2025-05-05 19:58:55.000000000 +0200
@@ -2,6 +2,7 @@
* Perform a TLSv1.3 server-side handshake.
*
* Copyright (c) 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2024 Red Hat, Inc.
*
* ktls-utils is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -128,6 +129,7 @@
/**
* tlshd_server_x509_verify_function - Verify remote's x.509 certificate
* @session: session in the midst of a handshake
+ * @parms: handshake parameters
*
* A return value of %GNUTLS_E_SUCCESS indicates that the TLS session
* has been allowed to continue. tlshd either sets the peerid array if
@@ -139,17 +141,15 @@
* A return value of %GNUTLS_E_CERTIFICATE_ERROR means that certificate
* verification failed. The server sends an ALERT to the client.
*/
-static int tlshd_server_x509_verify_function(gnutls_session_t ses