Of course you all found the bug I was talking about after I uploaded the correct
screenshot! ;-) Bash me. You even found minor other issues which should however
not be exploitable.
Nevertheless, wpa_supplicant has got an excellent code structure which is fun to review.
If you ever want to learn how to write your own TLSv1 implementation, have a look at their code.