Hello, I tried the most recent cvs head, but had an issue with eap-ttls/pap (it would get into an infinite loop with my testing client - the jradius simulator). I have noticed a bit of work being done in this area... so, I thought I would help test. Anyways, here is what got to work again for me again. In eaptls_process(), I commented out an extra check for EAPTLS_OK when SSL_is_init_finished since I was seeing status == EAPTLS_LENGTH_INCLUDED. In tls.c, when SSL_read() returns > 0, I put a return in there since we have application data. I changed the content_type check to a BIO_ctrl_pending() check. And, finally, I added a line to ttls.c since I was segfaulting from a NULL request->client in a log message. Then it worked. Cheers, David
wlan@mac.com wrote:
I tried the most recent cvs head, but had an issue with eap-ttls/pap (it would get into an infinite loop with my testing client - the jradius simulator). I have noticed a bit of work being done in this area... so, I thought I would help test. Anyways, here is what got to work again for me again. In eaptls_process(), I commented out an extra check for EAPTLS_OK when SSL_is_init_finished since I was seeing status == EAPTLS_LENGTH_INCLUDED.
OK.
In tls.c, when SSL_read() returns > 0, I put a return in there since we have application data.
It also needs to call record_init() on the dirty_in buffer. Without that, all TLS methods fail in my tests.
I changed the content_type check to a BIO_ctrl_pending() check.
That's reasonable.
And, finally, I added a line to ttls.c since I was segfaulting from a NULL request->client in a log message. Then it worked.
That fix should be in src/main/util.c, which creates && initializes the fake request. That way, the fix applies to both TTLS and to PEAP. I've committed the changes. Please test. If you could test against the the native MAC implementation of TTLS, that would help a lot, too. I tried using jradiusSimulator. Nice, but it refuses to run the TTLS tests because I have Java 1.6, not 1.5. Alan DeKok.
I've committed the changes. Please test. If you could test against the the native MAC implementation of TTLS, that would help a lot, too.
Yes, I will do that.
I tried using jradiusSimulator. Nice, but it refuses to run the TTLS tests because I have Java 1.6, not 1.5.
Thanks for the info... the check should be for > 1.4, not specifically 1.5. Cheers, David
I've committed the changes. Please test. If you could test against the the native MAC implementation of TTLS, that would help a lot, too.
I tried using jradiusSimulator. Nice, but it refuses to run the TTLS tests because I have Java 1.6, not 1.5.
Yes, works fine with a Mac - even with a new implementation of the jradius eap-tls class using bouncy castle TLS instead of the native java SSLEngine. David
participants (2)
-
Alan DeKok -
wlan@mac.com