Question about TLS handshake buffer


Howard, Jim

I am writing an 802.11 wireless client that communicates with the access
point using PEAP and MSCHAPV2.  I am having trouble establishing a
secure TLS tunnel in which to perform the PEAP phase 2 handshake.

My client sends a TLS Client Hello message.  The servers respond with
their "Server Hello, Certificate, and Server Hello Done".

So far, so good.

But after I send my "Client Key Exchange, Change Cipher Spec, Encrypted
Handshake Message" message I get an error.

Specifically in the PEAP protocol I get a "TLS bad record mac" or "TLS
alert, unexpected message" error from the server.  Hostap sends the
"unexpected message" error, other servers send "bad record mac".

My theory is that I am not correctly maintaining the correct handshake
message buffer described in RFC 2246 7.4.8, so my finished message is
not computing the correct "verify_data" value described in RFC 2246

Can someone point me to the code in hostapd and/or openssl in which this
buffer is constructed, and in particular where the actual verify_data
buffer is calculated?

I would greatly appreciate the help.


Jim Howard
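
An added example, not part of the original post and not hostapd or OpenSSL code: the TLS 1.0 (RFC 2246) Finished computation, showing which bytes enter the handshake buffer and how verify_data is derived from it. The `Transcript` class, the `hs` helper, the master secret and all message bodies are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(name, secret, seed, n):
    """P_hash from RFC 2246 section 5: HMAC-based expansion to n bytes."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2                         # halves share a byte if length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash("md5", s1, label + seed, n)
    sha = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

class Transcript:
    """Running buffer of handshake messages as the Finished hash sees them."""
    def __init__(self):
        self.buf = b""
    def add_record(self, content_type, fragment):
        # Only handshake records (type 22) count, and only their payload:
        # the 5-byte record header and any EAP/PEAP framing are excluded.
        # ChangeCipherSpec (type 20) and alerts (type 21) are never hashed.
        if content_type == 22:
            self.buf += fragment
    def verify_data(self, master_secret, label):
        seed = hashlib.md5(self.buf).digest() + hashlib.sha1(self.buf).digest()
        return tls10_prf(master_secret, label, seed, 12)

def hs(msg_type, body):
    """Constructed helper: handshake header (type + 24-bit length) + body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def demo():
    ms = bytes(range(48))                                 # constructed master secret
    t = Transcript()
    for m in (hs(1, b"ch"), hs(2, b"sh"), hs(11, b"cert"), hs(14, b""), hs(16, b"cke")):
        t.add_record(22, m)
    t.add_record(20, b"\x01")                             # ChangeCipherSpec: ignored
    client_vd = t.verify_data(ms, b"client finished")
    t.add_record(22, hs(20, client_vd))                   # plaintext Finished joins the buffer
    return client_vd, t.verify_data(ms, b"server finished")
```

The client's value covers every handshake message up to, but not including, its own Finished; the server's value also covers the client's Finished in its unencrypted form.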