[PATCH] Fix broken EAP-TLS (bug introduced 2008/08/24 by b51a3a82)

Alan DeKok aland at deployingradius.com
Fri Jan 30 11:26:54 CET 2009


Arnaud Ebalard wrote:
> As explained in previous mails of the thread, FreeRadius EAP-TLS support
> is broken (the EAP encapsulated TLS ChangeCipherSpec and TLS Finished
> messages are not sent). Bisecting the issue led me here:

  Hmm... git-bisect is a good tool.

>     commit b51a3a82edb797f5d0a2758bd1a38359d6f66803
>     Author: Alan T. DeKok <aland at freeradius.org>
>     Date:   Sun Aug 24 10:04:55 2008 +0200
> 
>         Clean up debug && log messages
> 
> AFAICT, the test that prevented eaptls_ack_handler() from returning
> EAPTLS_SUCCESS *before* flushing remaining local messages
> (i.e. returning EAPTLS_REQUEST so that they be sent to the peer to
> complete the TLS handshake) was removed in that commit.

  Ok.  There might have been a reason at the time... but it looks like a
bad idea.

> The patch below is against current git tree. With Axel, we tested the
> fix with 2.1.3: it corrects the issue.

  Added, thanks.

  Alan DeKok
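
The failure mode discussed in this thread, as an added example that is not part of the original mail and is not FreeRADIUS source: a simplified model of an ACK handler that reports success while handshake records are still queued, next to one that keeps returning EAPTLS_REQUEST until the queue is empty. The struct, the function names other than the two return codes, the "handshake finished" condition and the byte counts are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Return codes named in the mail; the numeric values here are arbitrary. */
enum ack_result { EAPTLS_REQUEST, EAPTLS_SUCCESS };

/* Hypothetical, simplified session state (not FreeRADIUS's own struct). */
struct model_session {
    int handshake_finished; /* local TLS stack considers the handshake done */
    size_t pending_out;     /* TLS record bytes queued but not yet sent */
};

typedef enum ack_result (*ack_fn)(const struct model_session *);

/* Assumed regressed behaviour: no check for queued output. */
static enum ack_result ack_without_flush_check(const struct model_session *s)
{
    return s->handshake_finished ? EAPTLS_SUCCESS : EAPTLS_REQUEST;
}

/* Assumed fixed behaviour: success only once the queue is empty. */
static enum ack_result ack_with_flush_check(const struct model_session *s)
{
    if (s->handshake_finished && s->pending_out == 0)
        return EAPTLS_SUCCESS;
    return EAPTLS_REQUEST;
}

/* Answer peer ACKs until the handler reports success; each EAPTLS_REQUEST
 * sends up to frag bytes. Returns the bytes the peer never received. */
static size_t unsent_at_success(ack_fn handler, size_t queued, size_t frag)
{
    struct model_session s = { 1, queued };
    while (frag > 0 && handler(&s) == EAPTLS_REQUEST) {
        size_t n = s.pending_out < frag ? s.pending_out : frag;
        s.pending_out -= n;
    }
    return s.pending_out;
}

int main(void)
{
    /* Constructed sizes: 59 bytes stands in for ChangeCipherSpec + Finished. */
    printf("without check: %zu bytes unsent\n",
           unsent_at_success(ack_without_flush_check, 59, 1024));
    printf("with check:    %zu bytes unsent\n",
           unsent_at_success(ack_with_flush_check, 59, 1024));
    return 0;
}
```

A non-zero result from the first handler corresponds to the symptom reported above: the server considers EAP-TLS complete while the peer is still waiting for the final handshake messages.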


