On 31/07/15 20:15, Matt Caswell wrote: > > > On 31/07/15 18:51, Jouni Malinen wrote: >> This is the relevant part of that commit: >> >> @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s) >> >> if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { >> buf = (unsigned char *)s->init_buf->data; >> -#ifdef OPENSSL_NO_TLSEXT >> + >> p = s->s3->server_random; >> if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { >> s->state = SSL_ST_ERR; >> return -1; >> } >> -#endif >> + >> /* Do the message type and length last */ >> d = p = ssl_handshake_start(s); >> >> >> That ssl_fill_hello_random() call needs to be deleted to fix this issue. >> Based on a quick test, that does indeed fix the EAP-FAST server issue I >> saw. >> > > Duhhh. Your email reminded me that I already fixed this a little while > ago (actually I remembered just after I implemented the fix for a second > time!). It got stuck in our review queue and I forgot about it. I've > just pinged it so hopefully it will become unstuck and I can get this > committed.
https://github.com/openssl/openssl/commit/e1e088ec7f2f33c4c4ad31312d62c536441d4358 Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev