Resolved long ago.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Here's a backport version of the session ticket override patch against
OpenSSL 0.9.8i. This provides the same API that was committed into 0.9.9
tree and it can be used with the current development snapshot of
wpa_supplicant/hostapd 0.6.x for EAP-FAST.
--
Jouni Malinen
On Monday 24 November 2008 04:34:41 am Jouni Malinen via RT wrote:
Here's a backport version of the session ticket override patch against
OpenSSL 0.9.8i. This provides the same API that was committed into 0.9.9
tree and it can be used with the current development snapshot of
On Sat, Nov 15, 2008 at 06:20:08PM +0100, Stephen Henson via RT wrote:
You patch has now been applied to HEAD. Thank you for the contribution.
Let me know of any problems.
Thank you! I updated wpa_supplicant and hostapd to use the new API when
building against OpenSSL 0.9.9. This seems to be
On Sat, Nov 15, 2008 at 06:20:08PM +0100, Stephen Henson via RT wrote:
You patch has now been applied to HEAD. Thank you for the contribution.
Let me know of any problems.
Thank you! I updated wpa_supplicant and hostapd to use the new API when
building against OpenSSL 0.9.9. This seems to be
You patch has now been applied to HEAD. Thank you for the contribution.
Let me know of any problems.
Steve.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote:
OK, we'd need the generic extension part of the patch modified to only
override the session ticket extension.
I replaced SSL_set_hello_extension() function with
SSL_set_session_ticket_ext() and renamed the related
On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote:
OK, we'd need the generic extension part of the patch modified to only
override the session ticket extension.
I replaced SSL_set_hello_extension() function with
SSL_set_session_ticket_ext() and renamed the related
[EMAIL PROTECTED] - Wed Nov 12 14:46:47 2008]:
On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote:
OK, we'd need the generic extension part of the patch modified to
only
override the session ticket extension.
I replaced SSL_set_hello_extension() function with
On Wed, Nov 12, 2008 at 07:07:56PM +0100, Stephen Henson via RT wrote:
Well I'm assuming that there needs to be a way to obtain the ticket
value the peer has sent. Although it is possible to use the debugging
interface for that it then prevents it being used for anything else.
Something
On Wed, Nov 12, 2008 at 07:07:56PM +0100, Stephen Henson via RT wrote:
Well I'm assuming that there needs to be a way to obtain the ticket
value the peer has sent. Although it is possible to use the debugging
interface for that it then prevents it being used for anything else.
Something
[EMAIL PROTECTED] - Wed Oct 22 13:56:16 2008]:
On Wed, Oct 22, 2008 at 01:19:53PM +0200, Stephen Henson via RT wrote:
I've had an initial look at this patch. Is there some reason you need to
be able to generate generic extensions rather than just being able to
override the session
[EMAIL PROTECTED] - Sun Sep 28 16:41:18 2008]:
Update the OpenSSL patch for EAP-FAST support to work with the current
OpenSSL snapshot. The ssl/s3_srvr.c change from 03-Sep-2008 (rev 1.163)
seemed to have reverted some earlier changes and because of this, the
extra call to
On Wed, Oct 22, 2008 at 01:19:53PM +0200, Stephen Henson via RT wrote:
I've had an initial look at this patch. Is there some reason you need to
be able to generate generic extensions rather than just being able to
override the session ticket extension?
Not really. This just remains from the
On Wed, Oct 22, 2008 at 01:19:53PM +0200, Stephen Henson via RT wrote:
I've had an initial look at this patch. Is there some reason you need to
be able to generate generic extensions rather than just being able to
override the session ticket extension?
Not really. This just remains from the
Update the OpenSSL patch for EAP-FAST support to work with the current
OpenSSL snapshot. The ssl/s3_srvr.c change from 03-Sep-2008 (rev 1.163)
seemed to have reverted some earlier changes and because of this, the
extra call to ssl3_digest_cached_records() that was added in the
previous EAP-FAST
The attached patch is an updated version of the EAP-FAST (RFC 4851)
specific changes to TLS SessionTicket (RFC 5077) processing. This
updates the patch to work with the current 0.9.9 snapshots.
The original patch for making it possible to use OpenSSL for EAP-FAST
implementation was posted more
We would really appreciate any comments on the possibility of getting
the patch into the official OpenSSL sources. Are the OpenSSL developers
interested in getting the EAP-FAST support into OpenSSL or they do not
want it at all and if so, then why?
Thanks for any response,
--
Tomas Mraz
No
The attached patch is an updated version of the EAP-FAST specific
submission for OpenSSL 0.9.9. This fixes fallback to full TLS handshake
in case the server rejects PAC-Opaque from the client. This change
cleans up the modifications to ssl3_get_server_hello() that were
leftover from the old patch
We are also interested in supporting EAP-FAST in wpa_supplicant. Can
someone from OpenSSL developers comment whether the approach taken in
this patch is feasible and if they are willing to accept it into
OpenSSL?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
I was pleased to note that support for SessionTicket (RFC 4507) was
added into the OpenSSL 0.9.9 tree couple of weeks ago. This
implementation seems to include session ticket use as specified in RFC
4507 which alone is not enough for supporting EAP-FAST (RFC 4851) since
EAP-FAST takes care of
21 matches
Mail list logo
