Re: [openssl-users] SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); has no effect with TLS 1.3

2019-01-23 Thread Arran Cudbard-Bell
> On Jan 23, 2019, at 9:57 PM, Matt Caswell wrote:
>
> On 23/01/2019 13:01, Arran Cudbard-Bell wrote:
>> As per the subject line:
>>
>> SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)
>>
>> does not seem to disable generation of

[openssl-users] SSL_read() returns -1, and SSL_read_ex does not update readbytes where a record containing a session ticket is being read (TLS 1.3)

2019-01-23 Thread Arran Cudbard-Bell
I'm working with wpa_supplicant to try and fix up its EAP-TTLS and EAP-PEAP implementations to work correctly with TLS 1.3 and session tickets. Where a new_session_ticket message is sent after client/server finish, calls to SSL_read() result in the new_session_ticket message being processed

[openssl-users] SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); has no effect with TLS 1.3

2019-01-23 Thread Arran Cudbard-Bell
As per the subject line: SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) does not seem to disable generation of stateless tickets with TLS 1.3: SSL_CTX_set_num_tickets(ctx, 0); is also required to prevent the tickets being generated. There's no mention of this

Re: [openssl-users] SSL_read() returns -1, and SSL_read_ex does not update readbytes where a record containing a session ticket is being read (TLS 1.3)

2019-01-24 Thread Arran Cudbard-Bell
> On 23/01/2019 14:04, Arran Cudbard-Bell wrote:
>> I'm working with wpa_supplicant to try and fix up its EAP-TTLS and EAP-PEAP
>> implementations to work correctly with TLS 1.3 and session tickets.
>>
>> Where a new_session_ticket message is sent after client/server f

Re: What's the rationale behind ssl-trace not being built by default?

2021-06-08 Thread Arran Cudbard-Bell
> On Jun 8, 2021, at 6:48 AM, Hubert Kario wrote:
>
> On Monday, 7 June 2021 21:01:04 CEST, Arran Cudbard-Bell wrote:
>> The tables to convert extension IDs and compression methods to humanly
>> readable names are not available outside ssl/t1_trace.c.
>>
>>

What's the rationale behind ssl-trace not being built by default?

2021-06-07 Thread Arran Cudbard-Bell
The tables to convert extension IDs and compression methods to humanly readable names are not available outside ssl/t1_trace.c. SSL_trace() itself produces reams of helpful information as handshakes progress, and is particularly useful for dealing with encrypted handshakes, where wireshark et

Re: What's the rationale behind ssl-trace not being built by default?

2021-06-07 Thread Arran Cudbard-Bell
> On Jun 7, 2021, at 4:57 PM, Matt Caswell wrote:
>
> On 07/06/2021 20:01, Arran Cudbard-Bell wrote:
>> The tables to convert extension IDs and compression methods to humanly
>> readable names are not available outside ssl/t1_trace.c.
>> SSL_trace()

Cleaning up async jobs

2021-06-17 Thread Arran Cudbard-Bell
?

Many Thanks,
-Arran

Arran Cudbard-Bell
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

Use of ossl_unused in err.h.in

2021-10-02 Thread Arran Cudbard-Bell
In current master HEAD and 3.0.0 calling ERR_GET_REASON throws the following warning:

src/lib/tls/session.c:1323:43: warning: 'ERR_GET_REASON' was marked unused but was used [-Wused-but-marked-unused]
    while ((ssl_err = ERR_peek_error()) && (ERR_GET_REASON(ssl_err) ==

Re: Use of ossl_unused in err.h.in

2021-10-22 Thread Arran Cudbard-Bell
> On Oct 4, 2021, at 3:00 AM, Matt Caswell wrote:
>
> Please raise a github issue for this.

https://github.com/openssl/openssl/issues/16776

Raised but there's no resolution. I don't think there's much value in suggesting additional fixes for this problem, as the reasons for it existing are

Re: Need additional control over async stack allocation

2022-02-24 Thread Arran Cudbard-Bell
contexts so global allocators may no longer be appropriate. Let me know if that's an issue here and I'll move the code to using allocators bound to library contexts.

-Arran

> On Feb 23, 2022, at 4:29 PM, Arran Cudbard-Bell wrote:
>
> PR is now available here: https://github.com/ope

Need additional control over async stack allocation

2022-02-22 Thread Arran Cudbard-Bell
for that thread, which we believe in most cases fixes the issues described above. The free function will then signal/join the thread.

-Arran

Arran Cudbard-Bell
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

Re: Need additional control over async stack allocation

2022-02-23 Thread Arran Cudbard-Bell
PR is now available here: https://github.com/openssl/openssl/pull/17762

-Arran

> On Feb 22, 2022, at 11:10 AM, Arran Cudbard-Bell wrote:
>
> In our application we use the OpenSSL ASYNC_* API to jump out of verification
> and session load/store callbacks.
>
> On