11:19 a.m.
Despite that PEAPv0 spec indicates that TLS tunnel needs to be torn
down after the transmission of a secure Result response, some servers
treat this TLS close alert as a failure. This patch changes the above
behavior to explicitly torn the tunnel only in the case of
authentication failure and leave it open after the success.
---
src/eap-peap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/eap-peap.c b/src/eap-peap.c
index c8949ca2..16ab0319 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -182,14 +182,14 @@ static void eap_extensions_handle_request(struct eap_state *eap,
eap_peap_phase2_send_response(response, sizeof(response), eap);
- eap_tls_common_tunnel_close(eap);
-
eap_discard_success_and_failure(eap, false);
eap_tls_common_set_completed(eap);
if (r != EAP_EXTENSIONS_RESULT_SUCCCESS) {
eap_tls_common_set_phase2_failed(eap);
+ eap_tls_common_tunnel_close(eap);
+
return;
}
--
v2: Add description
2.13.6
11:29 a.m.
New subject: [PATCH v2] peap: Adjust V0 not to close tunnel on Success of
Phase2
Hi Tim,
On 11/11/19 6:19 PM, Tim Kourt wrote:
Despite that PEAPv0 spec indicates that TLS tunnel needs to be torn
down after the transmission of a secure Result response, some servers
treat this TLS close alert as a failure. This patch changes the above
behavior to explicitly torn the tunnel only in the case of
authentication failure and leave it open after the success.
---
src/eap-peap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Applied, thanks.
Regards,
-denis
1041
days inactive
1041
days old
1 comments
2 participants
participants (2)
-
Denis Kenzior -
Tim Kourt