{
const char *str, *state;
int w;
+ EAP_HANDLER *handler = (EAP_HANDLER *)SSL_get_ex_data(s, 0);
+ REQUEST *request = NULL;
+ char buffer[1024];
+
+ if (handler) request = handler->request;
w = where & ~SSL_ST_MASK;
if (w & SSL_ST_CONNECT) str=" TLS_connect";
state = SSL_state_string_long(s);
state = state ? state : "NULL";
+ buffer[0] = '\0';
if (where & SSL_CB_LOOP) {
- if (debug_flag) radlog(L_INFO, "%s: %s\n", str, state);
+ RDEBUG2("%s: %s\n", str, state);
} else if (where & SSL_CB_HANDSHAKE_START) {
- if (debug_flag) radlog(L_INFO, "%s: %s\n", str, state);
+ RDEBUG2("%s: %s\n", str, state);
} else if (where & SSL_CB_HANDSHAKE_DONE) {
- radlog(L_INFO, "%s: %s\n", str, state);
+ RDEBUG2("%s: %s\n", str, state);
} else if (where & SSL_CB_ALERT) {
str=(where & SSL_CB_READ)?"read":"write";
- radlog(L_ERR,"TLS Alert %s:%s:%s\n", str,
- SSL_alert_type_string_long(ret),
- SSL_alert_desc_string_long(ret));
+
+ snprintf(buffer, sizeof(buffer), "TLS Alert %s:%s:%s\n",
+ str,
+ SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret));
} else if (where & SSL_CB_EXIT) {
- if (ret == 0)
- radlog(L_ERR, "%s:failed in %s\n", str, state);
- else if (ret < 0)
- radlog(L_ERR, "%s:error in %s\n", str, state);
+ if (ret == 0) {
+ snprintf(buffer, sizeof(buffer), "%s: failed in %s",
+ str, state);
+
+ } else if (ret < 0) {
+ if (SSL_want_read(s)) {
+ RDEBUG2("%s: Need to read more data: %s",
+ str, state);
+ } else {
+ snprintf(buffer, sizeof(buffer),
+ "%s: error in %s\n", str, state);
+ }
+ }
+ }
+
+ if (buffer[0]) {
+ radlog(L_ERR, "%s", buffer);
+
+ if (request) {
+ VALUE_PAIR *vp;
+
+ vp = pairmake("Module-Failure-Message", buffer, T_OP_ADD);
+ if (vp) pairadd(&request->packet->vps, vp);
+ }
}
}
return(strlen((char *)userdata));
}
-RSA *cbtls_rsa(SSL *s UNUSED, int is_export UNUSED, int keylength)
-{
- static RSA *rsa_tmp=NULL;
-
- if (rsa_tmp == NULL) {
- radlog(L_INFO, "Generating temp (%d bit) RSA key...", keylength);
- rsa_tmp=RSA_generate_key(keylength, RSA_F4, NULL, NULL);
- }
- return(rsa_tmp);
-}
+/*
+ * For callbacks
+ */
+int eaptls_handle_idx = -1;
+int eaptls_conf_idx = -1;
+int eaptls_session_idx = -1;
#endif /* !defined(NO_OPENSSL) */