Clean up code to call tls_handshake_send(), which deals with
fragmented data inside of the TLS tunnel.
It still doesn't work with PEAP/EAP-TLS, but that's now because
after the tunneled session is set up, the *outer* session sends
a bare ACK, where it really needs an ACK inside of the tunnel.
This means that it skips updating the internal list of
"known EAP sessions". When the next piece of data comes in,
it's EAP Id is one more than expected from the tunneled State,
and the code thinks there's something weird going on.