I'll be moving on to an HTTPS client next so I may be able to test the same point in the TLS handshake for the TCP case.
I don't have a time estimate for this work yet. Regards, David -----Original Message----- From: Alan DeKok via RT [mailto:r...@openssl.org] Sent: Wednesday, September 09, 2009 5:17 PM To: david.good...@g2microsystems.com Cc: openssl-dev@openssl.org Subject: RE: [openssl.org #2036] bug report: TLS session resumption not checking for existence of client finished message Steve said: > I'm not sure this is an OpenSSL bug either. To use EAP IIRC you need > to patch OpenSSL and use additional code to support it. I'd suggest > contacting the patch/additional code author. EAP is just another transport layer for SSL, like TCP. Our code implements a full transport for SSL, using memory BIOs to copy the data from the transport layer to OpenSSL. We're seeing that TLS works fine. Then we do the 2-3 API calls to add session resumption. Session resumption works, and normal TLS works, too. However... as the original comment said, something seems to be going wrong with the SSL exchange. Our code that handles TLS "is session established" doesn't change when using session resumption. However, the change cipher spec notification doesn't seem to get sent, *and* OpenSSL is telling our APP that the session is established. Alan DeKok. d ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
