PEAP fragmentation
Manuel Sánchez Cuenca
msc at dif.um.es
Tue Sep 4 14:07:40 CEST 2007
Finally I have solved the problem including this code in
eaptls_ack_handler (eap_tls.c):
case handshake:
if (tls_session->info.handshake_type == finished) {
DEBUG2(" rlm_eap_tls: ack handshake is finished");
if (tls_session->dirty_out.used == 0) return
EAPTLS_SUCCESS;
//return EAPTLS_SUCCESS;
}
DEBUG2(" rlm_eap_tls: ack handshake fragment handler");
/* Fragmentation handler, send next fragment */
return EAPTLS_REQUEST;
In this way, if there is more data to send, a new fragment is sent. But...
Alan DeKok escribió:
> Yes. The TLS code inside of FreeRADIUS assumes that once the initial
> handshake is completed, that there is no more data to send.
>
Is this correct? I mean, why freeradius suppose that only in the initial
handshake are necessary fragments, the specification of PEAP says
somethig about it?
> See the code that prints out "ack handshake is finished". It's
> terminating the EAP session earlier than you expect. You'll need to
> modify the code to have it send more data.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
>
>
>
--
-----------------------------
Manuel Sanchez Cuenca
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica. Universidad de Murcia
Campus de Espinardo - 30080 Murcia (SPAIN)
Tel.: +34-968-364644 Fax: +34-968-364151
email: msc at dif.um.es | manuelsc at um.es
url: http://libra.inf.um.es/~lolo
More information about the Freeradius-Devel
mailing list