From a7803b0cafb5e8f920b5d634d3c70496b3d47088 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 17 Aug 2015 22:50:41 +0300
Subject: [PATCH] BoringSSL: Fix session resumption
BoringSSL commit 533ef7304d9b48aad38805f1997031a0a034d7fe ('Remove SSL_clear calls in handshake functions.') triggered a regression for EAP-TLS/TTLS/PEAP session resumption in wpa_supplicant due to the removed SSL_clear() call in ssl3_connect() going away and wpa_supplicant not calling SSL_clear() after SSL_shutdown(). Fix this by adding the SSL_clear() call into wpa_supplicant after SSL_shutdown() when preparing the ssl instance for another connection. While OpenSSL is still call SSL_clear() in ssl3_connect(), it looks to be safe to add this call to wpa_supplicant unconditionally.
Signed-off-by: Jouni Malinen
---
 src/crypto/tls_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 1401c8c8e..325f01d32 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1142,7 +1142,7 @@ int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
 * and "close notify" shutdown alert would confuse AS. */
 SSL_set_quiet_shutdown(conn->ssl, 1);
 SSL_shutdown(conn->ssl);
- return 0;
+ return SSL_clear(conn->ssl) == 1 ? 0 : -1;
 }
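Review bot: The new failure path in `return SSL_clear(conn->ssl) == 1 ? 0 : -1;` returns -1 without logging anything or draining the OpenSSL error queue. Entries left queued may make a later SSL_get_error() on this thread unreliable, and a failed reset before resumption becomes hard to diagnose. I would split it into `if (SSL_clear(conn->ssl) != 1) { ERR_clear_error(); return -1; }` followed by `return 0;`, reporting the queued error through this file's usual OpenSSL error logging before clearing it. The reason for the call currently lives only in the commit message, so a short comment above it would help, for example `/* BoringSSL no longer calls SSL_clear() during the handshake; reset here so the next connection can resume the session. */`. tls_connection_shutdown() begins outside this hunk and its callers are not visible, so it is worth confirming they handle a non-zero return now that the function can fail.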