If we're inside of a TLS tunnel, don't require a client

author aland <aland>

Sun, 16 Dec 2007 08:26:56 +0000 (08:26 +0000)

committer aland <aland>

Sun, 16 Dec 2007 08:26:56 +0000 (08:26 +0000)
author aland <aland>
Sun, 16 Dec 2007 08:26:56 +0000 (08:26 +0000)
committer aland <aland>
Sun, 16 Dec 2007 08:26:56 +0000 (08:26 +0000)
diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

index 239a473..c97ca34 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -615,6 +615,13 @@ static int eaptls_initiate(void *type_arg, EAP_HANDLER *handler)
                 } else {
                         client_cert = vp->vp_integer;
                 }
+
+       } else if (handler->request->parent) {
+               /*
+                *      If we're doing EAP-TLS inside of a TLS tunnel,
+                *      we don't need a client certificate.
+                */
+               client_cert = FALSE;
         }
  
         /*