[openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method

Matt Caswell matt at openssl.org
Fri Jul 31 19:36:46 UTC 2015



On 31/07/15 20:15, Matt Caswell wrote:
> 
> 
> On 31/07/15 18:51, Jouni Malinen wrote:
>> This is the relevant part of that commit:
>>
>> @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s)
>>  
>>      if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
>>          buf = (unsigned char *)s->init_buf->data;
>> -#ifdef OPENSSL_NO_TLSEXT
>> +
>>          p = s->s3->server_random;
>>          if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
>>              s->state = SSL_ST_ERR;
>>              return -1;
>>          }
>> -#endif
>> +
>>          /* Do the message type and length last */
>>          d = p = ssl_handshake_start(s);
>>  
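Review bot: removing the OPENSSL_NO_TLSEXT guard at the top of the SSL3_ST_SW_SRVR_HELLO_A branch makes ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) run on every build, so s->s3->server_random is rewritten here even in TLS-extension builds, where the old guard skipped it. If those builds have already filled the server random earlier in the handshake, which the old guard suggests, anything derived from the earlier value no longer matches the random sent in the ServerHello. Either keep the guard or drop the call entirely, as proposed in the message below, and remove the two blank lines left where the preprocessor directives were.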
>>
>> That ssl_fill_hello_random() call needs to be deleted to fix this issue.
>> Based on a quick test, that does indeed fix the EAP-FAST server issue I
>> saw.
>>
> 
> Duhhh. Your email reminded me that I already fixed this a little while
> ago (actually I remembered just after I implemented the fix for a second
> time!). It got stuck in our review queue and I forgot about it. I've
> just pinged it so hopefully it will become unstuck and I can get this
> committed.

https://github.com/openssl/openssl/commit/e1e088ec7f2f33c4c4ad31312d62c536441d4358

Matt

