[openssl-users] SSL_read() returns -1, and SSL_read_ex does not update readbytes where a record containing a session ticket is being read (TLS 1.3)

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Jan 23 14:04:24 UTC 2019


I'm working with wpa_supplicant to try and fix up its EAP-TTLS and EAP-PEAP implementations to work correctly with TLS 1.3 and session tickets.

Where a new_session_ticket message is sent after client/server finish, calls to SSL_read() result in the new_session_ticket message being processed correctly, but SSL_read() returns -1 if no application_data is available in the input BIO. SSL_read_ex() returns 0, but readbytes isn't updated to reflect the number of bytes consumed whilst processing the session tickets.

It seems to me that SSL_read() should return a positive integer representing the number of bytes read from the BIO whilst processing the session tickets, and SSL_read_ex should update readbytes to the number of bytes read from the BIO whilst processing the session tickets, as is done with other handshake messages.

Can someone comment on whether this is a defect, or intended behaviour used to signal that no application_data was processed?

-Arran


