Hello again dev team, Further to this, I have tested Jouni's patches against 0.9.8d, 0.9.8e and openssl-SNAP-20070816 on Linux, Solaris and Windows and they work fine.
Can we have some discussion about including these patches in the mainline please? They add badly needed features to support EAP-FAST and other modern authentication protocols. In particular they add SSL_set_hello_extension and SSL_set_session_secret_cb, and adjust exactly when the TLS server_random is set (required to change the master key during EAP-FAST handshake). None of the existing feature set is removed or broken by these patches What else do you need before rolling these patches in? http://www.open.com.au/radiator/free-downloads/openssl-0.9.9-session-ticket.patch Cheers. On Wednesday 29 August 2007 17:11, Mike McCauley wrote: > Hello dev team. > > Jouni Malinen recently posted here with a patch that adds support for > various features required in OpenSSL to support new authentication > protocols like EAP-FAST and others. > > I want to confirm that his patch applies cleanly to openssl-SNAP-20070816 > and works as intended. > > I want to encourage the dev team to apply his patch to the mainline. > Without this code (or something like it) it is not possible to support > EAP-FAST and other similar modern authentication protocols that need to > fiddle with the master key during TLS handshake. > > Just in case its hard to get the patch from his post, it is also here for > easy download: > > http://www.open.com.au/radiator/free-downloads/openssl-0.9.9-session-ticket >.patch > > Please consider this patch. If the dev team needs anything else before > rolling it in, please let me or Jouni know. I know l will be happy to > assist. > > Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
