[openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
Matt Caswell
matt at openssl.org
Fri Jul 31 19:36:46 UTC 2015
On 31/07/15 20:15, Matt Caswell wrote:
>
>
> On 31/07/15 18:51, Jouni Malinen wrote:
>> This is the relevant part of that commit:
>>
>> @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s)
>>
>> if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
>> buf = (unsigned char *)s->init_buf->data;
>> -#ifdef OPENSSL_NO_TLSEXT
>> +
>> p = s->s3->server_random;
>> if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
>> s->state = SSL_ST_ERR;
>> return -1;
>> }
>> -#endif
>> +
>> /* Do the message type and length last */
>> d = p = ssl_handshake_start(s);
>>
>>
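Review bot: With the `#ifdef OPENSSL_NO_TLSEXT` / `#endif` pair removed, the `ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE)` call at the top of the `SSL3_ST_SW_SRVR_HELLO_A` branch runs in every build and rewrites `s->s3->server_random` just before the ServerHello is assembled. The old guard limited the call to builds without TLS extensions, which implies that builds with them already have the server random set by the time this function runs. Anything that consumed that earlier value, such as a session ticket or extension callback that derives keys from it, would then disagree with what goes on the wire. Suggest deleting the call together with the guards, or adding a comment that states where the random is first generated and why overwriting it here is safe. The two bare `+` lines only add blank lines and could be dropped.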
>> That ssl_fill_hello_random() call needs to be deleted to fix this issue.
>> Based on a quick test, that does indeed fix the EAP-FAST server issue I
>> saw.
>>
>
> Duhhh. Your email reminded me that I already fixed this a little while
> ago (actually I remembered just after I implemented the fix for a second
> time!). It got stuck in our review queue and I forgot about it. I've
> just pinged it so hopefully it will become unstuck and I can get this
> committed.
https://github.com/openssl/openssl/commit/e1e088ec7f2f33c4c4ad31312d62c536441d4358
Matt