OpenSSL 0.9.8za added a fix for CVE-2014-0224 and the original fix broke
EAP-FAST support due to forgotten SSL3_FLAGS_CCS_OK marking for
tls_session_secret_cb. Fix for this regression was added into OpenSSL
1.x and newer. The same fix is needed in this backport patch for
0.9.8za.
Signed-off-by: Jouni Malinen <j@w1.fi>
The 0.9.9 branch was for development purposes only, so no one should be
using that in production and there is not much point in maintaining the
obsolete patch here either. Similarly, the old 0.9.8 versions are
obsolete at this point in time and taken into account the recent OpenSSL
vulnerabilities, anything older than 0.9.8za should not really be used.
Prepare an updated version of the TLS session ticket patch based on the
current OpenSSL 0.9.8za release and remove all the older TLS extension
patches.
Signed-off-by: Jouni Malinen <j@w1.fi>