Question about TLS handshake buffer

Howard, Jim jhoward
Thu Jun 16 11:13:34 PDT 2005


Hello,

I am writing an 802.11 wireless client that communicates with the access
point using PEAP and MSCHAPV2.  I am having trouble establishing a
secure TLS tunnel in which to perform the PEAP phase 2 handshake.

My client sends a TLS Client Hello message.  The servers respond with
their "Server Hello, Certificate, and Server Hello Done".

So far, so good.

But after I send my "Client Key Exchange, Change Cipher Spec, Encrypted
Handshake Message" message I get an error.

Specifically in the PEAP protocol I get a "TLS bad record mac" or "TLS
alert, unexpected message" error from the server.  Hostap sends the
"unexpected message" error, other servers send "bad record mac".
 
My theory is that I am not correctly maintaining the correct handshake
message buffer described in RFC 2246 7.4.8, so my finished message is
not computing the correct "verify_data" value described in RFC 2246
7.4.9.  

Can someone point me to the code in hostapd and/or openssl in which this
buffer is constructed, and in particular where the actual verify_data
buffer is calculated?

I would greatly appreciate the help.

Thanks,

Jim Howard
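
The calculation the message asks about, following RFC 2246 sections 5, 7.4.8 and 7.4.9, as an added example that is not part of the original post and is not hostapd or OpenSSL code. The function names, the sample records and the master secret are constructed for illustration.

```python
import hashlib
import hmac

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20  # TLS record content types

def p_hash(name, secret, seed, length):
    """P_hash from RFC 2246 section 5: HMAC chained over A(i)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, name).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA-1 over the second."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha_part = p_hash("sha1", secret[len(secret) - half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def handshake_buffer(records):
    """Handshake-layer bytes of the records that precede the Finished being computed."""
    buf = b""
    for rec in records:
        ctype, length = rec[0], int.from_bytes(rec[3:5], "big")
        if ctype == HANDSHAKE:  # ChangeCipherSpec and alert records are not hashed
            buf += rec[5:5 + length]  # drop the 5-byte record header
    return buf

def verify_data(master_secret, label, handshake_messages):
    """RFC 2246 7.4.9: PRF(master_secret, label, MD5(msgs) + SHA-1(msgs))[0..11]."""
    seed = hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()
    return prf(master_secret, label, seed, 12)

def record(ctype, body):
    """Wrap a body in a TLS 1.0 record header (helper for the constructed sample)."""
    return bytes([ctype, 3, 1]) + len(body).to_bytes(2, "big") + body

# Constructed sample: real handshake headers, dummy bodies, Certificate omitted.
CLIENT_HELLO = bytes([1, 0, 0, 4]) + b"chlo"
SERVER_FLIGHT = bytes([2, 0, 0, 4]) + b"shlo" + bytes([14, 0, 0, 0])  # ServerHello + ServerHelloDone
CLIENT_KEX = bytes([16, 0, 0, 4]) + b"ckex"
RECORDS = [record(HANDSHAKE, CLIENT_HELLO), record(HANDSHAKE, SERVER_FLIGHT),
           record(HANDSHAKE, CLIENT_KEX), record(CHANGE_CIPHER_SPEC, b"\x01")]
MASTER_SECRET = bytes(range(48))  # constructed 48-byte value

if __name__ == "__main__":
    print(verify_data(MASTER_SECRET, b"client finished", handshake_buffer(RECORDS)).hex())
```

Hashing the raw records, with their headers or the ChangeCipherSpec byte included, yields a different 12-byte value than hashing the handshake-layer bytes alone.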



