Resolved long ago.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Develo
On Monday 24 November 2008 04:34:41 am Jouni Malinen via RT wrote:
> Here's a backport version of the session ticket override patch against
> OpenSSL 0.9.8i. This provides the same API that was committed into 0.9.9
> tree and it can be used with the current development snapshot of
> wpa_supplicant/
Here's a backport version of the session ticket override patch against
OpenSSL 0.9.8i. This provides the same API that was committed into 0.9.9
tree and it can be used with the current development snapshot of
wpa_supplicant/hostapd 0.6.x for EAP-FAST.
--
Jouni Malinen
On Sat, Nov 15, 2008 at 06:20:08PM +0100, Stephen Henson via RT wrote:
> You patch has now been applied to HEAD. Thank you for the contribution.
> Let me know of any problems.
Thank you! I updated wpa_supplicant and hostapd to use the new API when
building against OpenSSL 0.9.9. This seems to be w
On Sat, Nov 15, 2008 at 06:20:08PM +0100, Stephen Henson via RT wrote:
> You patch has now been applied to HEAD. Thank you for the contribution.
> Let me know of any problems.
Thank you! I updated wpa_supplicant and hostapd to use the new API when
building against OpenSSL 0.9.9. This seems to be w
You patch has now been applied to HEAD. Thank you for the contribution.
Let me know of any problems.
Steve.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On Wed, Nov 12, 2008 at 07:07:56PM +0100, Stephen Henson via RT wrote:
> Well I'm assuming that there needs to be a way to obtain the ticket
> value the peer has sent. Although it is possible to use the debugging
> interface for that it then prevents it being used for anything else.
>
> Somethin
On Wed, Nov 12, 2008 at 07:07:56PM +0100, Stephen Henson via RT wrote:
> Well I'm assuming that there needs to be a way to obtain the ticket
> value the peer has sent. Although it is possible to use the debugging
> interface for that it then prevents it being used for anything else.
>
> Somethin
> [EMAIL PROTECTED] - Wed Nov 12 14:46:47 2008]:
>
> On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote:
>
> > OK, we'd need the generic extension part of the patch modified to
> only
> > override the session ticket extension.
>
> I replaced SSL_set_hello_extension() function
On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote:
> OK, we'd need the generic extension part of the patch modified to only
> override the session ticket extension.
I replaced SSL_set_hello_extension() function with
SSL_set_session_ticket_ext() and renamed the related structu
On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote:
> OK, we'd need the generic extension part of the patch modified to only
> override the session ticket extension.
I replaced SSL_set_hello_extension() function with
SSL_set_session_ticket_ext() and renamed the related structu
> [EMAIL PROTECTED] - Wed Oct 22 13:56:16 2008]:
>
> On Wed, Oct 22, 2008 at 01:19:53PM +0200, Stephen Henson via RT wrote:
>
> > I've had an initial look at this patch. Is there some reason you need to
> > be able to generate generic extensions rather than just being able to
> > override the ses
On Wed, Oct 22, 2008 at 01:19:53PM +0200, Stephen Henson via RT wrote:
> I've had an initial look at this patch. Is there some reason you need to
> be able to generate generic extensions rather than just being able to
> override the session ticket extension?
Not really. This just remains from the
On Wed, Oct 22, 2008 at 01:19:53PM +0200, Stephen Henson via RT wrote:
> I've had an initial look at this patch. Is there some reason you need to
> be able to generate generic extensions rather than just being able to
> override the session ticket extension?
Not really. This just remains from the
> [EMAIL PROTECTED] - Sun Sep 28 16:41:18 2008]:
>
> Update the OpenSSL patch for EAP-FAST support to work with the current
> OpenSSL snapshot. The ssl/s3_srvr.c change from 03-Sep-2008 (rev 1.163)
> seemed to have reverted some earlier changes and because of this, the
> extra call to ssl3_digest_
Update the OpenSSL patch for EAP-FAST support to work with the current
OpenSSL snapshot. The ssl/s3_srvr.c change from 03-Sep-2008 (rev 1.163)
seemed to have reverted some earlier changes and because of this, the
extra call to ssl3_digest_cached_records() that was added in the
previous EAP-FAST pat
The attached patch is an updated version of the EAP-FAST (RFC 4851)
specific changes to TLS SessionTicket (RFC 5077) processing. This
updates the patch to work with the current 0.9.9 snapshots.
The original patch for making it possible to use OpenSSL for EAP-FAST
implementation was posted more tha
We would really appreciate any comments on the possibility of getting
the patch into the official OpenSSL sources. Are the OpenSSL developers
interested in getting the EAP-FAST support into OpenSSL or they do not
want it at all and if so, then why?
Thanks for any response,
--
Tomas Mraz
No matter
The attached patch is an updated version of the EAP-FAST specific
submission for OpenSSL 0.9.9. This fixes fallback to full TLS handshake
in case the server rejects PAC-Opaque from the client. This change
cleans up the modifications to ssl3_get_server_hello() that were
leftover from the old patch (
We are also interested in supporting EAP-FAST in wpa_supplicant. Can
someone from OpenSSL developers comment whether the approach taken in
this patch is feasible and if they are willing to accept it into
OpenSSL?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Hello again dev team,
Further to this, I have tested Jouni's patches against 0.9.8d, 0.9.8e and
openssl-SNAP-20070816 on Linux, Solaris and Windows and they work fine.
Can we have some discussion about including these patches in the mainline
please? They add badly needed features to support EAP
Hello dev team.
Jouni Malinen recently posted here with a patch that adds support for various
features required in OpenSSL to support new authentication protocols like
EAP-FAST and others.
I want to confirm that his patch applies cleanly to openssl-SNAP-20070816 and
works as intended.
I want
I was pleased to note that support for SessionTicket (RFC 4507) was
added into the OpenSSL 0.9.9 tree couple of weeks ago. This
implementation seems to include session ticket use as specified in RFC
4507 which alone is not enough for supporting EAP-FAST (RFC 4851) since
EAP-FAST takes care of Sessi
I was pleased to note that support for SessionTicket (RFC 4507) was
added into the OpenSSL 0.9.9 tree couple of weeks ago. This
implementation seems to include session ticket use as specified in RFC
4507 which alone is not enough for supporting EAP-FAST (RFC 4851) since
EAP-FAST takes care of Sessi
24 matches
Mail list logo
