Extra validation for EAP-TLS

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Jun 8 17:39:54 CEST 2015


Hi All,

I've added some additional validation for EAP-TLS that caps the maximum inbound TLS record size at the length indicated in the first (L) Length Included packet.

If you're using v3.0.x and EAP-TLS could you please check to make sure this isn't tripped by any of the supplicants in use at your site.

I've tested with OSX 10.10.3, and IOS 8.3, and will test with wpa_supplicant/eapol_test but don't have access to all the different Windows variants.

Thanks,
-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150608/013620c7/attachment.sig>


More information about the Freeradius-Users mailing list