[openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method

Matt Caswell matt at openssl.org
Fri Jul 31 19:15:13 UTC 2015



On 31/07/15 18:51, Jouni Malinen wrote:
> This is the relevant part of that commit:
> 
> @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s)
>  
>      if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
>          buf = (unsigned char *)s->init_buf->data;
> -#ifdef OPENSSL_NO_TLSEXT
> +
>          p = s->s3->server_random;
>          if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
>              s->state = SSL_ST_ERR;
>              return -1;
>          }
> -#endif
> +
>          /* Do the message type and length last */
>          d = p = ssl_handshake_start(s);
>  
> 
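
Review bot: in the SSL3_ST_SW_SRVR_HELLO_A branch, dropping the "#ifdef OPENSSL_NO_TLSEXT" / "#endif" pair leaves the ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) call unconditional, so s->s3->server_random is overwritten on every build each time the ServerHello is sent. The old guard suggests that in TLSEXT builds the server random is already populated before this point. If so, anything derived from that earlier value will no longer match the random written into the ServerHello. Suggest deleting the call together with the guard (or keeping the guard), and removing the two blank "+" lines that replace the preprocessor lines.
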
> That ssl_fill_hello_random() call needs to be deleted to fix this issue.
> Based on a quick test, that does indeed fix the EAP-FAST server issue I
> saw.
> 

Duhhh. Your email reminded me that I already fixed this a little while
ago (actually I remembered just after I implemented the fix for a second
time!). It got stuck in our review queue and I forgot about it. I've
just pinged it so hopefully it will become unstuck and I can get this
committed.

Matt

