The compatibility with 1.0.0beta1 required more changes than I thought...the function tls1_PRF was modified significantly. So here's a working version of the patch:
--- ssl/ssl.h 2008-12-27 03:09:23.000000000 +0100 +++ ssl/ssl.h 2009-04-17 11:03:58.000000000 +0200 @@ -1770,6 +1770,10 @@ /* Pre-shared secret session resumption functions */ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); +void SSL_tls1_key_extractor(SSL *s, unsigned char *label, int label_len, + unsigned char *context, int context_len, + unsigned char *out, int olen); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. --- ssl/t1_enc.c 2009-01-11 21:34:23.000000000 +0100 +++ ssl/t1_enc.c 2009-04-17 11:06:30.000000000 +0200 @@ -1006,3 +1006,17 @@ } } +void SSL_tls1_key_extractor(SSL *s, unsigned char *label, int label_len, + unsigned char *context, int context_len, + unsigned char *out, int olen) + { + unsigned char tmp[olen]; + + tls1_PRF(s->s3->tmp.new_cipher->algorithm2, + label, label_len, + s->s3->client_random,SSL3_RANDOM_SIZE, + s->s3->server_random,SSL3_RANDOM_SIZE, + context, context_len, NULL, 0, + s->session->master_key, s->session->master_key_length, + out, tmp, olen); + } ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org