On 31/07/15 18:51, Jouni Malinen wrote: > This is the relevant part of that commit: > > @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s) > > if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { > buf = (unsigned char *)s->init_buf->data; > -#ifdef OPENSSL_NO_TLSEXT > + > p = s->s3->server_random; > if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { > s->state = SSL_ST_ERR; > return -1; > } > -#endif > + > /* Do the message type and length last */ > d = p = ssl_handshake_start(s); > > > That ssl_fill_hello_random() call needs to be deleted to fix this issue. > Based on a quick test, that does indeed fix the EAP-FAST server issue I > saw. >
Duhhh. Your email reminded me that I already fixed this a little while ago (actually I remembered just after I implemented the fix for a second time!). It got stuck in our review queue and I forgot about it. I've just pinged it so hopefully it will become unstuck and I can get this committed. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev