[openssl-dev] EAP-FAST and OpenSSL 1.1.x with new client TLS state machine

Matt Caswell matt at openssl.org
Fri Dec 4 20:30:58 UTC 2015



On 04/12/15 13:08, Jouni Malinen wrote:
> On Fri, Dec 04, 2015 at 10:27:48AM +0000, Matt Caswell wrote:
>> EAP-FAST is very strange. Normally you know whether you are resuming a
>> session or not based on the session id returned from the server. However
>> that's not the case with EAP-FAST - you have to wait to see what message
>> the server sends you next to determine what's happening (which is really
>> horrible).
> 
> Indeed. EAP-FAST is a good example of what can happen if a company
> designs a new EAP method and pushes that to the market without going
> through proper IETF review.. This part here is not the only difficult
> item in supporting EAP-FAST. :(
> 
>> The new state machine code waits until a message is received from the
>> peer and then checks it against its allowed list of transitions based on
>> its current state. If it's not allowed then you get an unexpected message
>> alert. It looks like the check for the EAP-FAST session resumption case
>> is missing from the new code.
>>
>> Please can you try the attached patch and see if that resolves the
>> issue? Let me know how you get on.
> 
> Thanks! That fixes the issue. With this applied on top of the current
> master branch snapshot, I was able to pass all my EAP regression tests.
> 

This has now been committed to master.

Matt
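The transition check Matt describes can be illustrated with a toy model. The following Python is an added example, not OpenSSL code and not the patch from this thread: it models a TLS 1.2 client that, after ServerHello, decides which server message is acceptable next. Without EAP-FAST the session id in ServerHello tells the client whether it is resuming, so only one of Certificate or ChangeCipherSpec is allowed; with EAP-FAST the session id is not informative, so both must be allowed and the client learns it is resuming only when ChangeCipherSpec arrives. The message names, states, `eap_fast` flag and session ids are constructed for the model and do not correspond to OpenSSL identifiers.

```python
from enum import Enum, auto


class Msg(Enum):
    """Server handshake messages the toy client understands (constructed subset)."""
    SERVER_HELLO = auto()
    CERTIFICATE = auto()
    SERVER_HELLO_DONE = auto()
    CHANGE_CIPHER_SPEC = auto()
    FINISHED = auto()


class State(Enum):
    """Client handshake states, named after the last message consumed."""
    SENT_CLIENT_HELLO = auto()
    GOT_SERVER_HELLO = auto()
    GOT_CERTIFICATE = auto()
    GOT_SERVER_HELLO_DONE = auto()
    GOT_CHANGE_CIPHER_SPEC = auto()
    HANDSHAKE_DONE = auto()


class UnexpectedMessage(Exception):
    """Stands in for the TLS unexpected_message alert."""


class ClientHandshake:
    """Minimal client state machine: wait for a message, check it against
    the transitions allowed in the current state, then move on."""

    def __init__(self, offered_session_id, eap_fast=False):
        self.state = State.SENT_CLIENT_HELLO
        self.offered_session_id = offered_session_id
        self.eap_fast = eap_fast      # hypothetical flag: EAP-FAST style resumption in use
        self.resuming = False

    def _allowed(self):
        """Set of server messages acceptable in the current state."""
        if self.state == State.SENT_CLIENT_HELLO:
            return {Msg.SERVER_HELLO}
        if self.state == State.GOT_SERVER_HELLO:
            if self.resuming:
                # Session id matched: abbreviated handshake, server goes to CCS.
                return {Msg.CHANGE_CIPHER_SPEC}
            allowed = {Msg.CERTIFICATE}
            if self.eap_fast:
                # EAP-FAST: the session id did not tell us whether we are
                # resuming, so CCS must also be accepted here. This is the
                # transition the thread says was missing.
                allowed.add(Msg.CHANGE_CIPHER_SPEC)
            return allowed
        if self.state == State.GOT_CERTIFICATE:
            return {Msg.SERVER_HELLO_DONE}
        if self.state == State.GOT_SERVER_HELLO_DONE:
            return {Msg.CHANGE_CIPHER_SPEC}
        if self.state == State.GOT_CHANGE_CIPHER_SPEC:
            return {Msg.FINISHED}
        return set()

    def receive(self, msg, session_id=None):
        """Consume one server message or raise UnexpectedMessage."""
        if msg not in self._allowed():
            raise UnexpectedMessage(f"{msg.name} not allowed in {self.state.name}")
        if msg == Msg.SERVER_HELLO:
            # Normal TLS: resumption is known from the echoed session id.
            self.resuming = session_id == self.offered_session_id
            self.state = State.GOT_SERVER_HELLO
        elif msg == Msg.CERTIFICATE:
            self.state = State.GOT_CERTIFICATE
        elif msg == Msg.SERVER_HELLO_DONE:
            self.state = State.GOT_SERVER_HELLO_DONE
        elif msg == Msg.CHANGE_CIPHER_SPEC:
            if self.state == State.GOT_SERVER_HELLO:
                # Only now do we learn that the server resumed (EAP-FAST case).
                self.resuming = True
            self.state = State.GOT_CHANGE_CIPHER_SPEC
        elif msg == Msg.FINISHED:
            self.state = State.HANDSHAKE_DONE
        return self.state


# Constructed server flights: (message, session id carried by ServerHello).
OFFERED_ID = b"client-offered-id"
FULL_FLIGHT = [(Msg.SERVER_HELLO, b"fresh-server-id"), (Msg.CERTIFICATE, None),
               (Msg.SERVER_HELLO_DONE, None), (Msg.CHANGE_CIPHER_SPEC, None),
               (Msg.FINISHED, None)]
# EAP-FAST style: server resumes but the session id gives no hint of it.
EAP_FAST_RESUME_FLIGHT = [(Msg.SERVER_HELLO, b"fresh-server-id"),
                          (Msg.CHANGE_CIPHER_SPEC, None), (Msg.FINISHED, None)]
# Ordinary resumption: server echoes the offered session id.
PLAIN_RESUME_FLIGHT = [(Msg.SERVER_HELLO, OFFERED_ID),
                       (Msg.CHANGE_CIPHER_SPEC, None), (Msg.FINISHED, None)]


def run(flight, eap_fast):
    """Feed a server flight to a fresh client; report the outcome as a string."""
    hs = ClientHandshake(OFFERED_ID, eap_fast=eap_fast)
    try:
        for msg, sid in flight:
            hs.receive(msg, sid)
    except UnexpectedMessage:
        return "alert:unexpected_message"
    if hs.state != State.HANDSHAKE_DONE:
        return "incomplete"
    return "resumed" if hs.resuming else "full"


if __name__ == "__main__":
    for name, flight in [("full", FULL_FLIGHT), ("eap-fast resume", EAP_FAST_RESUME_FLIGHT),
                         ("plain resume", PLAIN_RESUME_FLIGHT)]:
        for eap_fast in (False, True):
            print(f"{name:16} eap_fast={eap_fast!s:5} -> {run(flight, eap_fast)}")
```

Running it shows the symptom from the thread: the EAP-FAST flight is rejected with the unexpected-message outcome when the extra transition is absent (`eap_fast=False`), and completes as a resumed handshake once the `GOT_SERVER_HELLO -> CHANGE_CIPHER_SPEC` transition is permitted; full and ordinary resumed handshakes behave the same either way.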

