Minor Bug in TTLS implementation
fabien.marotte at freesurf.fr
fabien.marotte at freesurf.fr
Tue May 31 14:14:50 CEST 2005
Hi,
I notice a minor bug in ttls implementation.
I configured my Freeradius server to do ttls exchange with a supplicant
(through a NAS).
This freeradius server proxies tunneled requests to an other radius server.
When the external server replies EAP-Success/Radius-AccessAccept to the
Freeradius proxy, the tunnel is correctly destroyed and the FreeRadius proxy
sends EAP-Success/RADIUS-AccessAccept to the supplicant.
This last message is correct but it contains the PROXY_STATE attribute that
FreeRadius had added during the proxy exchanges.
As it seems that the latest cvs version don't correct this bug, I had done a
correction (in version 1.20) of the ttls.c file, in the process_reply
function after the line 652.
Value pairs of the proxy reply are moved into the reply vps.
The problem is that the PROXY_STATE is still present in proxy reply vps and
is moved with the others.
So I have added these two instructions to remove the PROXY_STATE attribute
in the reply vps:
pairmove2(&vp, &request->reply->vps, PW_PROXY_STATE);
pairfree(&vp);
It works but I don't know if it's the best way to correct the bug.
Fabien Marotte
More information about the Freeradius-Devel
mailing list