Patches for OpenSSL
Carlos Alberto Lopez Perez
clopez at igalia.com
Tue Oct 26 15:28:41 EDT 2010
Hello,
I had personally experienced this problem and after a lot of tries I found
this solution [1] that worked like a charm.
Setting
ctx_options |= SSL_OP_NO_TICKET ;
in the file rlm_eap_tls.c of freeradius solved the problems with session
resumption when using EAP-TLS with hostapd+freeradius.
------
[1]
http://lists.freeradius.org/pipermail/freeradius-users/2010-June/msg00161.html
El 26/10/10 02:13, Panagiotis Georgopoulos escribió:
> Hello everyone,
>
>
>
> In the recent version of wpa_supplicant and hostapd, I've
> seen some patches which seem to be for OpenSSL. I am not quite sure of what
> their purpose is and whether I should apply them.
>
>
>
> I am having some issues with session resumption when using
> EAP-TLS or EAP-TTLS with OpenSSL 0.9.8k (ubuntu 10.04) and I was thinking
> whether the patches included in wpa_supplicant will help with that. It seems
> that the openssl-0.9.9-session-ticket.patch might help with my problem,
> however I am not running openSSL 0.9.9. In addition, it seems that there is
> no patch for 0.9.8k and I am guessing that I cannot apply the later one,
> right?
>
>
>
> Is my only option to manually compile openSSL 1.0.0 from source for both my
> supplicant, hostapd and FreeRadius in order to successfully use Session
> Resumption in EAP-TLS and EAP-TTLS? (although I am guessing that if hostapd
> is not used as a radius server then it doesn't require the newer version of
> openSSL).
>
>
>
> Thanks a lot in advance,
>
> Panos
>
>
>
>
>
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20101026/10c7a5bb/attachment.pgp
More information about the HostAP
mailing list