fenrir: address review feedback on PR 10230

- tls.c: TLSX_CertWithExternPsk_GetSize takes word16*, but length was
  widened to word32 in TLSX_GetSize. Use the hsz staging variable like
  the other cases so WOLFSSL_CERT_WITH_EXTERN_PSK builds compile.
- tls.c: silence -Wunused-variable for hsz in builds where every case
  that consumes it (TLS 1.3, PSK, ETM, early data, PHA, cookie, cert
  with extern PSK) is compiled out, e.g. user_settings_tls12.h.
- test_tls_ext.c: assert session->ticketLen > 0 before mutating
  ticketAdd in the ticket-age out-of-window test so it fails loudly if
  no NewSessionTicket was received.

Author: julek-wolfssl

src/tls.c

@@ -14930,6 +14930,8 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                         msgType == certificate_request);
     (void)cbShim;
 
+    (void)hsz;
+
     while ((extension = list)) {
         list = extension->next;
 

tests/api/test_tls_ext.c

@@ -439,6 +439,9 @@ int test_tls13_ticket_age_out_of_window(void)
     (void)wolfSSL_read(ssl_c, &tmp, sizeof(tmp));
 
     ExpectNotNull(session = wolfSSL_get1_session(ssl_c));
+    /* The test only exercises the age window check if the client actually
+     * received a NewSessionTicket and the session carries ticket material. */
+    ExpectIntGT(session->ticketLen, 0);
 
     /* Flip the high bit to push the unobfuscated age out of window. */
     if (session != NULL)