[PATCH] Fix broken EAP-TLS (bug introduced 2008/08/24 by b51a3a82)

Alan DeKok aland at deployingradius.com
Fri Jan 30 11:26:54 CET 2009

Arnaud Ebalard wrote:
> As explained in previous mails of the thread, FreeRadius EAP-TLS support
> is broken (the EAP encapsulated TLS ChangeCipherSpec and TLS Finished
> messages are not sent). Bisecting the issue led me here:

  Hmm... git-bisect is a good tool.

>     commit b51a3a82edb797f5d0a2758bd1a38359d6f66803
>     Author: Alan T. DeKok <aland at freeradius.org>
>     Date:   Sun Aug 24 10:04:55 2008 +0200
>         Clean up debug && log messages
> AFAICT, the test that prevented eaptls_ack_handler() to return
> EAPTLS_SUCCESS *before* flushing remaining local messages
> (i.e. returning EAPTLS_REQUEST so that they be sent to the peer to
> complete the TLS handshake) was removed in that commit. 

  Ok.  There might have been a reason at the time... but it looks like a
bad idea.

> The patch below is against current git tree. With Axel, we tested the
> fix with 2.1.3: it corrects the issue.

  Added, thanks.

  Alan DeKok

More information about the Freeradius-Devel mailing list