eap_tls_state_txt(data->state),
eap_tls_state_txt(state));
data->state = state;
+ if (state == FAILURE)
+ tls_connection_remove_session(data->ssl.conn);
+}
+
+
+static void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data)
+{
+ struct wpabuf *buf;
+
+ if (!sm->tls_session_lifetime)
+ return;
+
+ buf = wpabuf_alloc(1);
+ if (!buf)
+ return;
+ wpabuf_put_u8(buf, data->eap_type);
+ tls_connection_set_success_data(data->ssl.conn, buf);
}
* fragments waiting to be sent out. */
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
eap_tls_state(data, SUCCESS);
+ eap_tls_valid_session(sm, data);
}
return res;
struct wpabuf *respData)
{
struct eap_tls_data *data = priv;
+ const struct wpabuf *buf;
+ const u8 *pos;
+
if (eap_server_tls_process(sm, &data->ssl, respData, data,
data->eap_type, NULL, eap_tls_process_msg) <
- 0)
+ 0) {
eap_tls_state(data, FAILURE);
+ return;
+ }
+
+ if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
+ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
+ return;
+
+ buf = tls_connection_get_success_data(data->ssl.conn);
+ if (!buf || wpabuf_len(buf) < 1) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-TLS: No success data in resumed session - reject attempt");
+ eap_tls_state(data, FAILURE);
+ return;
+ }
+
+ pos = wpabuf_head(buf);
+ if (*pos != data->eap_type) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt",
+ *pos);
+ eap_tls_state(data, FAILURE);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG,
+ "EAP-TLS: Resuming previous session");
+ eap_tls_state(data, SUCCESS);
+ tls_connection_set_success_data_resumed(data->ssl.conn);
}