path: root/patches/openssl-0.9.9-session-ticket.patch
Commit message (Collapse)AuthorAgeFilesLines
* Updated OpenSSL 0.9.8i patch to use new session ticket override APIJouni Malinen2008-11-231-0/+4
| | | | | | The patch for 0.9.9 was merged into the upstream OpenSSL 0.9.9 tree and is not needed for EAP-FAST support with that OpenSSL version. The patch for 0.9.8i is now using the same API that was included in 0.9.9.
* Modified the OpenSSL patch to use session ticket -specific functionJouni Malinen2008-11-121-41/+51
| | | | | | | | | | | This is the first step in replacing SSL_set_hello_extension() with a new SSL_set_session_ticket_ext() function that can only be used to override the session ticket extension, not any arbitrary TLS extension. SSL_set_hello_extension() is still present as a simple wrapper in this version to avoid changing the API and to make testing with wpa_supplicant and hostapd easier. It can be eventually removed when the patch is going in into OpenSSL distribution.
* Updated indentation in the patch to match style used elsewhere in OpenSSLJouni Malinen2008-11-121-63/+68
* Update the OpenSSL EAP-FAST patch for current snapshot (20080928)Jouni Malinen2008-09-281-34/+32
| | | | | | This reverts the addition of ssl3_digest_cached_records() call from the previous update (3d1aa251a3783305fe31b280bb570ce9153bd982) since OpenSSL has apparently reverted some earlier changes that broke EAP-FAST.
* Updated the OpenSSL EAP-FAST patch for the current OpenSSL 0.9.9 snapshotJouni Malinen2008-08-241-54/+71
| | | | | | | | sssleay.num had changed (new function allocated) and server code was modified to call ssl3_digest_cached_records() in the start of abbreviated handshake to avoid possible segmentation faults later in some cases when reverting to full handshake. In addition, there is some whitespace cleanup and added comment explaining TLS ticket processing.
* Updated the EAP-FAST patch for the latest OpenSSL 0.9.9 snapshotJouni Malinen2008-05-291-33/+47
* Fixed fallback to full handshake when server rejects PAC-OpaqueJouni Malinen2008-04-151-47/+31
| | | | | | | | | | The TLS client changes in ssl3_get_server_hello() were based on the pre-RFC 5077 version of OpenSSL and they hardcoded s->hit to 1 in case PAC-Opaque was used. This prevented fallback to full TLS handshake in case the server rejected PAC-Opaque in ClientHello. The fixed version simplifies ssl3_get_server_hello() and uses the new RFC 5077 functionality in OpenSSL (ssl3_check_finished) to allow the state machine handle start of abbreviated handshake based on the used ticket.
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 releaseJouni Malinen2008-02-281-0/+342