On Thu, Aug 26, 2021 at 11:25:34AM +0200, Juliusz Sosinowicz wrote: > - `tls_get_tls_unique` > - `tls_connection_get_cipher_suite` > - `tls_connection_get_peer_subject` > - `tls_connection_get_own_cert_used` > > The necessary wolfSSL changes are located in https://github.com/wolfSSL/wolfssl/pull/4205 . Thanks, applied with some cleanup in a number of separate commits. While testing these with various wolfSSL versions, I noticed that there were some regressions or old issues being revealed by additional functionality getting enabled. I fixed some of these, but it looks like there is still something wrong going on whenever TLS 1.3 is enabled and the wpa_supplicant mechanism of disabling that by default not working with wolfSSL. I ended up doing most of the testing with --disable-tls13 build of wolfSSL to verify previously working functionality. As far as the now enabled TLS session resumption and caching is concerned, it looks looks like there might be a memory leak in the WOLFSSL_SESSION ex_data handling. tls_connection_set_success_data() adds a heap allocated memory pointer with wolfSSL_SESSION_set_ex_data() and that buffer is not always cleared. It looks like remove_session_cb() is supposed to do that, but there is no mechanism to force that to happen when exiting the process. It looks like there is wolfSSL_flush_sessions(), but that is not called and even it it were, the current implementation of it does not really do anything. I'm not sure whether this is a real memory leak in the sense of each session leaking one instance or whether this just shows up since the session entry has not timed out and it would have been freed when processing the eventual timeout. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
