Check TLS status on EAP server during handshake

The new TLS wrapper use may end up returning alert data and we need to
make sure here that it does not end up getting interpreted as success
due to non-NULL response.

diff --git a/src/eap_server/eap_tls_common.c b/src/eap_server/eap_tls_common.c
index c4c7806..7a2c76a 100644 (file)
--- a/src/eap_server/eap_tls_common.c
+++ b/src/eap_server/eap_tls_common.c
@@ -254,6 +254,12 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
                wpa_printf(MSG_INFO, "SSL: TLS processing failed");
                return -1;
        }
+       if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
+               /* TLS processing has failed - return error */
+               wpa_printf(MSG_DEBUG, "SSL: Failed - out_buf available to "
+                          "report error");
+               return -1;
+       }
 
        return 0;
 }