mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
BoringSSL: Fix session resumption
BoringSSL commit 533ef7304d9b48aad38805f1997031a0a034d7fe ('Remove SSL_clear calls in handshake functions.') triggered a regression for EAP-TLS/TTLS/PEAP session resumption in wpa_supplicant due to the removed SSL_clear() call in ssl3_connect() going away and wpa_supplicant not calling SSL_clear() after SSL_shutdown(). Fix this by adding the SSL_clear() call into wpa_supplicant after SSL_shutdown() when preparing the ssl instance for another connection. While OpenSSL is still calling SSL_clear() in ssl3_connect(), it looks to be safe to add this call to wpa_supplicant unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
0f56057c64
commit
a7803b0caf
@ -1142,7 +1142,7 @@ int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
|
||||
* and "close notify" shutdown alert would confuse AS. */
|
||||
SSL_set_quiet_shutdown(conn->ssl, 1);
|
||||
SSL_shutdown(conn->ssl);
|
||||
return 0;
|
||||
return SSL_clear(conn->ssl) == 1 ? 0 : -1;
|
||||
}
|
||||
|
||||
|
||||
|
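Review bot: The new `return SSL_clear(conn->ssl) == 1 ? 0 : -1;` at the end of tls_connection_shutdown() lets the function fail where it previously always returned 0, and it fails silently. Any caller that checks the return value now gets -1 with nothing in the debug log to say that it was SSL_clear(), not SSL_shutdown(), that went wrong, so a debug message on the failure path would make a broken resumption much easier to diagnose. The comment above SSL_set_quiet_shutdown() only explains the quiet shutdown; a one-line comment next to the new call stating that the ssl instance must be reset here because the TLS library may no longer do it at the start of the next handshake would keep the call from being removed later as redundant. The result of SSL_shutdown() is still ignored, which is consistent with quiet shutdown, but worth stating in that same comment so the asymmetry with the checked SSL_clear() result reads as intentional.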