PEAP fragmentation

Manuel Sánchez Cuenca msc at
Tue Sep 4 14:07:40 CEST 2007

Finally I have solved the problem including this code in 
eaptls_ack_handler (eap_tls.c):

        case handshake:
                if (tls_session->info.handshake_type == finished) {
                        DEBUG2("  rlm_eap_tls: ack handshake is finished");
                        if (tls_session->dirty_out.used == 0) return 
                        //return EAPTLS_SUCCESS;

                DEBUG2("  rlm_eap_tls: ack handshake fragment handler");
                /* Fragmentation handler, send next fragment */
                return EAPTLS_REQUEST;

In this way, if there is more data to send, a new fragment is sent. But...

Alan DeKok escribió:
>   Yes.  The TLS code inside of FreeRADIUS assumes that once the initial
> handshake is completed, that there is no more data to send.
Is this correct? I mean, why freeradius suppose that only in the initial 
handshake are necessary fragments, the specification of PEAP says 
somethig about it?
>   See the code that prints out "ack handshake is finished".  It's
> terminating the EAP session earlier than you expect.  You'll need to
> modify the code to have it send more data.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

Manuel Sanchez Cuenca
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica. Universidad de Murcia
Campus de Espinardo - 30080 Murcia (SPAIN)
Tel.: +34-968-364644    Fax: +34-968-364151
email: msc at  |  manuelsc at

More information about the Freeradius-Devel mailing list