I have encountered a problem with EAP-FAST PACs when switching our implementation of OpenSSL from a context that supports TLSv1.0 only to a context that supports negotiation to the highest available TLS version.
For EAP-FAST the PAC opaque is loaded into the SSL tlsext_session_ticket using the SSL_set_session_ticket_ext method during initialization of the SSL connection. When the SSL context is set using TLSV1_client_method (TLS v1.0), the ssl3_client_hello method is invoked for the client hello message which calls ssl_get_new_session if SSL session is NULL. The ssl3_client_hello method eventually calls ssl_add_clienthello_tlsext which will initialize the SSL session tlsext_tick structure as long as the SSL structure contains a session that is not NULL. When the SSL context is set using SSLv23_client_method, the ssl23_client_hello method is invoked for the client hello message which does not call ssl_get_new_session (the call is commented out) before the ssl_add_clienthello_tlsext is called. In this scenario the SSL session is NULL, so when ssl_add_clienthello_tlsext is called it does not initialize the SSL session tlsext_tick structure. This results in the EAP-FAST PAC not being loaded into the TLS session ticket extension when using the methods that support negotiation of the highest available SSL/TLS version. In order for TLS session ticket extension to work with the SSLv23_client_method's it seems that the ssl23_client_hello method should add a new session object to the SSL connection when there is none, similar to what is done in the ssl3_client_hello method. Ian McFadries
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev