On Mon, Dec 14, 2015 at 3:56 PM, Adam Bishop <Adam.Bishop@jisc.ac.uk> wrote:
CentOS 7.2 is using OpenSSL 1.0.1e out of the box so *should* be unaffected...
Is there a test for this issue (in the test suite or with eapol_test/radtest etc.) so I can make sure RedHat haven't helpfully backported the bug?
I triggered this by building the current snapshot of eapol_test against the GnuTLS version included in Ubuntu 14.04 (and confirmed that it also worked against unmodified GnuTLS 2.12.23 release built by myself). The behavior is same as in the earlier issues, i.e., the PMK/MSK from the authentication server does not match the PMK/MSK derived by the client when using EAP-PEAP (or EAP-TLS or TTLS). eapol_test prints this out in the end as an error. - Jouni