[PATCH] Fix broken EAP-TLS (bug introduced 2008/08/24 by b51a3a82)
Arnaud Ebalard
arno at natisbad.org
Thu Jan 29 16:31:10 CET 2009
Hi,

As explained in previous mails of the thread, FreeRadius EAP-TLS support
is broken (the EAP encapsulated TLS ChangeCipherSpec and TLS Finished
messages are not sent). Bisecting the issue led me here:

commit b51a3a82edb797f5d0a2758bd1a38359d6f66803
Author: Alan T. DeKok <aland at freeradius.org>
Date: Sun Aug 24 10:04:55 2008 +0200

    Clean up debug && log messages

AFAICT, the test that prevented eaptls_ack_handler() from returning
EAPTLS_SUCCESS *before* flushing remaining local messages
(i.e. returning EAPTLS_REQUEST so that they are sent to the peer to
complete the TLS handshake) was removed in that commit.

The patch below is against the current git tree. With Axel, we tested the
fix with 2.1.3: it corrects the issue.

Cheers,

a+
Signed-off-by: Arnaud Ebalard <arno at natisbad.org>
Tested-by: Axel Tillequin <axel.tillequin at gmail.com>
---
src/modules/rlm_eap/libeap/eap_tls.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c
index cd95bec..42edbed 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.c
+++ b/src/modules/rlm_eap/libeap/eap_tls.c
@@ -330,7 +330,8 @@ static eaptls_status_t eaptls_ack_handler(EAP_HANDLER *handler)
return EAPTLS_FAIL;
case handshake:
- if (tls_session->info.handshake_type == finished) {
+ if ((tls_session->info.handshake_type == finished) &&
+ (tls_session->dirty_out.used == 0)) {
RDEBUG2("ACK handshake is finished");
/*
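Review bot: The restored `dirty_out.used == 0` test in the `case handshake:` condition has no comment saying why pending output blocks the success path, and this same check was already lost once in a log-message cleanup. A short comment above the `if` would help, stating that success must not be reported while `dirty_out` still holds handshake records that have not been sent to the peer. The visible lines also do not show what happens when `handshake_type == finished` but `dirty_out.used` is non-zero; it is worth confirming that this path falls through to the code that returns EAPTLS_REQUEST, as the commit message describes, rather than to a failure return.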
--
1.5.6.5