Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

OpenSSL: Remove EAP-FAST TLSv1.0 only workaround for OpenSSL 1.1.0

The issue with the special form of TLS session tickets has been fixed in
the OpenSSL 1.1.0 branch, so disable workaround for it. OpenSSL 1.0.1
and 1.0.2 workaround is still in place until a release with the fix has
been made.

This allows TLSv1.1 and TLSv1.2 to be negotiated for EAP-FAST with the
OpenSSL versions that support this.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 9 years ago
parent
9dd21d5183
commit
06836013d3
1 changed files with 2 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      src/crypto/tls_openssl.c

+ 2 - 0
src/crypto/tls_openssl.c
View File 

@@ -3631,6 +3631,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 
 	if (can_pkcs11 == 2 && !engine_id)
 
 		engine_id = "pkcs11";
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 
 	if (params->flags & TLS_CONN_EAP_FAST) {
 
 		wpa_printf(MSG_DEBUG,
 
 			   "OpenSSL: Use TLSv1_method() for EAP-FAST");
 
@@ -3640,6 +3641,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 
 			return -1;
 
 		}
 
 	}
 
+#endif
 
 
 	while ((err = ERR_get_error())) {
 
 		wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",