-This patch adds support for TLS SessionTicket extension (RFC 4507) for
+This patch adds support for TLS SessionTicket extension (RFC 5077) for
the parts used by EAP-FAST (RFC 4851).
This is based on the patch from Alexey Kobozev <akobozev@cisco.com>
diff -upr openssl-0.9.8g.orig/ssl/s3_clnt.c openssl-0.9.8g/ssl/s3_clnt.c
---- openssl-0.9.8g.orig/ssl/s3_clnt.c 2007-08-30 17:28:51.000000000 -0700
-+++ openssl-0.9.8g/ssl/s3_clnt.c 2007-11-01 20:08:08.000000000 -0700
-@@ -660,7 +660,7 @@ int ssl3_get_server_hello(SSL *s)
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- unsigned char *p,*d;
-- int i,al,ok;
-+ int i,al,ok,pre_shared;
- unsigned int j;
- long n;
- #ifndef OPENSSL_NO_COMP
-@@ -727,7 +727,26 @@ int ssl3_get_server_hello(SSL *s)
+--- openssl-0.9.8g.orig/ssl/s3_clnt.c 2007-08-31 03:28:51.000000000 +0300
++++ openssl-0.9.8g/ssl/s3_clnt.c 2008-04-15 17:11:46.000000000 +0300
+@@ -727,6 +727,20 @@ int ssl3_get_server_hello(SSL *s)
goto f_err;
}
-- if (j != 0 && j == s->session->session_id_length
-+ /* check if we want to resume the session based on external pre-shared secret */
-+ pre_shared = 0;
+#ifndef OPENSSL_NO_TLSEXT
++ /* check if we want to resume the session based on external pre-shared secret */
+ if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
+ {
+ SSL_CIPHER *pref_cipher=NULL;
+ if (s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
+ NULL, &pref_cipher, s->tls_session_secret_cb_arg))
+ {
-+ s->hit=1;
+ s->session->cipher=pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s,p+j);
-+ s->session->session_id_length = j;
-+ memcpy(s->session->session_id, p, j);
-+ pre_shared = 1;
+ }
+ }
+#endif /* OPENSSL_NO_TLSEXT */
+
-+ if ((pre_shared || j != 0) && j == s->session->session_id_length
+ if (j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
{
- if(s->sid_ctx_length != s->session->sid_ctx_length
diff -upr openssl-0.9.8g.orig/ssl/s3_srvr.c openssl-0.9.8g/ssl/s3_srvr.c
---- openssl-0.9.8g.orig/ssl/s3_srvr.c 2007-09-30 11:55:59.000000000 -0700
-+++ openssl-0.9.8g/ssl/s3_srvr.c 2007-11-02 19:24:20.000000000 -0700
+--- openssl-0.9.8g.orig/ssl/s3_srvr.c 2007-09-30 21:55:59.000000000 +0300
++++ openssl-0.9.8g/ssl/s3_srvr.c 2008-04-15 17:10:37.000000000 +0300
@@ -928,6 +928,59 @@ int ssl3_get_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
goto err;
d=p= &(buf[4]);
diff -upr openssl-0.9.8g.orig/ssl/ssl.h openssl-0.9.8g/ssl/ssl.h
---- openssl-0.9.8g.orig/ssl/ssl.h 2007-10-19 00:42:38.000000000 -0700
-+++ openssl-0.9.8g/ssl/ssl.h 2007-11-01 20:08:08.000000000 -0700
+--- openssl-0.9.8g.orig/ssl/ssl.h 2007-10-19 10:42:38.000000000 +0300
++++ openssl-0.9.8g/ssl/ssl.h 2008-04-15 17:10:37.000000000 +0300
@@ -342,6 +342,7 @@ extern "C" {
* 'struct ssl_st *' function parameters used to prototype callbacks
* in SSL_CTX. */
/* Reason codes. */
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
diff -upr openssl-0.9.8g.orig/ssl/ssl_err.c openssl-0.9.8g/ssl/ssl_err.c
---- openssl-0.9.8g.orig/ssl/ssl_err.c 2007-10-11 07:36:59.000000000 -0700
-+++ openssl-0.9.8g/ssl/ssl_err.c 2007-11-01 20:08:08.000000000 -0700
+--- openssl-0.9.8g.orig/ssl/ssl_err.c 2007-10-11 17:36:59.000000000 +0300
++++ openssl-0.9.8g/ssl/ssl_err.c 2008-04-15 17:10:37.000000000 +0300
@@ -250,6 +250,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
};
diff -upr openssl-0.9.8g.orig/ssl/ssl_sess.c openssl-0.9.8g/ssl/ssl_sess.c
---- openssl-0.9.8g.orig/ssl/ssl_sess.c 2007-10-19 00:36:34.000000000 -0700
-+++ openssl-0.9.8g/ssl/ssl_sess.c 2007-11-01 20:08:08.000000000 -0700
+--- openssl-0.9.8g.orig/ssl/ssl_sess.c 2007-10-19 10:36:34.000000000 +0300
++++ openssl-0.9.8g/ssl/ssl_sess.c 2008-04-15 17:10:37.000000000 +0300
@@ -704,6 +704,52 @@ long SSL_CTX_get_timeout(const SSL_CTX *
return(s->session_timeout);
}
{
SSL_CTX *ctx;
diff -upr openssl-0.9.8g.orig/ssl/t1_lib.c openssl-0.9.8g/ssl/t1_lib.c
---- openssl-0.9.8g.orig/ssl/t1_lib.c 2007-10-19 00:44:10.000000000 -0700
-+++ openssl-0.9.8g/ssl/t1_lib.c 2007-11-01 20:08:08.000000000 -0700
+--- openssl-0.9.8g.orig/ssl/t1_lib.c 2007-10-19 10:44:10.000000000 +0300
++++ openssl-0.9.8g/ssl/t1_lib.c 2008-04-15 17:10:37.000000000 +0300
@@ -105,6 +105,12 @@ int tls1_new(SSL *s)
void tls1_free(SSL *s)
ret);
}
diff -upr openssl-0.9.8g.orig/ssl/tls1.h openssl-0.9.8g/ssl/tls1.h
---- openssl-0.9.8g.orig/ssl/tls1.h 2007-08-27 18:12:44.000000000 -0700
-+++ openssl-0.9.8g/ssl/tls1.h 2007-11-01 20:08:08.000000000 -0700
+--- openssl-0.9.8g.orig/ssl/tls1.h 2007-08-28 04:12:44.000000000 +0300
++++ openssl-0.9.8g/ssl/tls1.h 2008-04-15 17:10:37.000000000 +0300
@@ -365,6 +365,14 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SER
#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
#endif
}
#endif
diff -upr openssl-0.9.8g.orig/util/ssleay.num openssl-0.9.8g/util/ssleay.num
---- openssl-0.9.8g.orig/util/ssleay.num 2007-08-12 15:31:16.000000000 -0700
-+++ openssl-0.9.8g/util/ssleay.num 2007-11-01 20:08:08.000000000 -0700
+--- openssl-0.9.8g.orig/util/ssleay.num 2007-08-13 01:31:16.000000000 +0300
++++ openssl-0.9.8g/util/ssleay.num 2008-04-15 17:10:37.000000000 +0300
@@ -241,3 +241,5 @@ SSL_CTX_sess_get_remove_cb
SSL_set_SSL_CTX 290 EXIST::FUNCTION:
SSL_get_servername 291 EXIST::FUNCTION:TLSEXT
projects / libeap.git / commitdiff