Hello again dev team,

Further to this, I have tested Jouni's patches against 0.9.8d, 0.9.8e and
openssl-SNAP-20070816 on Linux, Solaris and Windows and they work fine.

Can we have some discussion about including these patches in the mainline
please? They add badly needed features to support EAP-FAST and other modern
authentication protocols. In particular they add SSL_set_hello_extension and
SSL_set_session_secret_cb, and adjust exactly when the TLS server_random is
set (required to change the master key during EAP-FAST handshake). None of
the existing feature set is removed or broken by these patches

What else do you need before rolling these patches in?



On Wednesday 29 August 2007 17:11, Mike McCauley wrote:
> Hello dev team.
> Jouni Malinen recently posted here with a patch that adds support for
> various features required in OpenSSL to support new authentication
> protocols like EAP-FAST and others.
> I want to confirm that his patch applies cleanly to openssl-SNAP-20070816
> and works as intended.
> I want to encourage the dev team to apply his patch to the mainline.
> Without this code (or something like it) it is not possible to support
> EAP-FAST and other similar modern authentication protocols that need to
> fiddle with the master key during TLS handshake.
> Just in case its hard to get the patch from his post, it is also here for
> easy download:
> http://www.open.com.au/radiator/free...session-ticket
> Please consider this patch. If the dev team needs anything else before
> rolling it in, please let me or Jouni know. I know l will be happy to
> assist.
> Cheers.

Mike McCauley mikem@open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org