Warnings about OpenSSL 1.0.1f and 1.0.1g
Jouni Malinen
jkmalinen at gmail.com
Tue Dec 15 10:16:07 CET 2015
On Mon, Dec 14, 2015 at 3:56 PM, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
> CentOS 7.2 is using OpenSSL 1.0.1e out of the box so *should* be unaffected...
>
> Is there a test for this issue (in the test suite or with eapol_test/radtest etc.) so I can make sure RedHat haven't helpfully backported the bug?
I triggered this by building the current snapshot of eapol_test
against the GnuTLS version included in Ubuntu 14.04 (and confirmed
that it also worked against unmodified GnuTLS 2.12.23 release built by
myself). The behavior is same as in the earlier issues, i.e., the
PMK/MSK from the authentication server does not match the PMK/MSK
derived by the client when using EAP-PEAP (or EAP-TLS or TTLS).
eapol_test prints this out in the end as an error.
- Jouni
More information about the Freeradius-Users
mailing list