Re: Mac OS X EAP-TLS with wrong usename kills freeradius when check_cert_cn is set



Miika Räisänen wrote:
> and gdb after core dump:
> http://cc.oulu.fi/~mraisane/tmp/gdb-radiusd.1st-patch.log

  Please try the following patch.  I believe it will fix the problem.

  If so, I'll commit it to CVS.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
? eap.patch
? radeapclient
Index: libeap/tls.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_eap/libeap/tls.c,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 tls.c
--- libeap/tls.c	27 Apr 2006 18:53:23 -0000	1.1.2.3
+++ libeap/tls.c	24 Jan 2007 09:00:27 -0000
@@ -92,7 +92,7 @@
 /*
  *	Print out some text describing the error.
  */
-static void int_ssl_check(SSL *s, int ret, const char *text)
+static int int_ssl_check(SSL *s, int ret, const char *text)
 {
 	int e;
 
@@ -117,7 +117,7 @@
 	case SSL_ERROR_WANT_WRITE:
 	case SSL_ERROR_WANT_X509_LOOKUP:
 	case SSL_ERROR_ZERO_RETURN:
-		return;
+		break;
 
 		/*
 		 *	These seem to be indications of a genuine
@@ -127,14 +127,12 @@
 	case SSL_ERROR_SYSCALL:
 		radlog(L_ERR, "rlm_eap_tls: %s failed in a system call (%d), TLS session fails.",
 		       text, ret);
-		SSL_set_app_data(s, (char *)1);
-		return;
+		return 0;
 
 	case SSL_ERROR_SSL:
 		radlog(L_ERR, "rlm_eap_tls: %s failed inside of TLS (%d), TLS session fails.",
 		       text, ret);
-		SSL_set_app_data(s, (char *)1);
-		return;
+		return 0;
 
 	default:
 		/*
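Review bot: With the `SSL_set_app_data(s, (char *)1)` calls removed, the `return 0` in the SSL_ERROR_SYSCALL and SSL_ERROR_SSL cases is the only way a fatal TLS error is reported, so every caller has to test the result. This patch updates only the SSL_read call site. Any other call to int_ssl_check outside the visible hunks (if one exists) would now ignore the failure and keep processing a dead session, where an EAP-TLS authenticator should fail closed. I would convert each remaining call site to the `if (!int_ssl_check(...)) return 0;` form and confirm that nothing still inspects the app-data slot for the old `(char *)1` marker. The function body starts and ends outside this hunk.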
@@ -144,8 +142,10 @@
 		 *	the code needs updating here.
 		 */
 		radlog(L_ERR, "rlm_eap_tls: FATAL SSL error ..... %d\n", e);
-		break;
+		return 0;
 	}
+
+	return 1;
 }
 
 /*
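Review bot: The return contract introduced here (`return 0` for errors that must end the TLS session, `return 1` otherwise) is not documented; the header comment above int_ssl_check still reads only "Print out some text describing the error." I would extend it to `Print out some text describing the error. Returns 0 if the TLS session must be failed, 1 if the caller may continue.` Zero meaning failure is the reverse of the common C convention of zero meaning success, so stating it at the definition helps future callers write the check the right way round.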
@@ -170,8 +170,8 @@
 		       sizeof(ssn->clean_out.data));
 	if (err > 0) {
 		ssn->clean_out.used = err;
-	} else {
-		int_ssl_check(ssn->ssl, err, "SSL_read");
+	} else if (!int_ssl_check(ssn->ssl, err, "SSL_read")) {
+		return 0;
 	}
 
 	/* Some Extra STATE information for easy debugging */
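Review bot: When SSL_read returns <= 0 but int_ssl_check reports a non-fatal condition, execution falls through without touching `ssn->clean_out.used`, so the field keeps whatever value it had before the call. If it is not reset earlier in the function (the function starts outside this hunk, so this cannot be confirmed here), later code could treat stale plaintext from a previous record as freshly decrypted data. Setting `ssn->clean_out.used = 0;` before the SSL_read, or in the non-fatal branch, would make the state explicit. Callers of this function also need to treat the new `return 0` as a session failure rather than as "no data yet".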

