Permit TLS inside of PEAP/TTLS tunnels. It won't work, but it

	won't crash the system, either.  Maybe enbling it will let
	someone debug the issues.

diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c
index b66b12c..4243758 100644 (file)
--- a/src/modules/rlm_eap/eap.c
+++ b/src/modules/rlm_eap/eap.c
@@ -257,8 +257,7 @@ int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *handler)
                 */
                if ((handler->request->packet->dst_port == 0) &&
                    (default_eap_type == PW_EAP_TLS)) {
-                       DEBUG2(" rlm_eap: Unable to tunnel TLS inside of TLS");
-                       return EAP_INVALID;
+                       DEBUG2(" rlm_eap: WARNING: Tunnelling TLS inside of a TLS will probably not work.");
                }
 
                if (eaptype_call(inst->types[default_eap_type],

diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c
index c64e848..0777b4b 100644 (file)
--- a/src/modules/rlm_eap/rlm_eap.c
+++ b/src/modules/rlm_eap/rlm_eap.c
@@ -262,10 +262,7 @@ static int eap_authenticate(void *instance, REQUEST *request)
                case PW_EAP_TLS:
                case PW_EAP_TTLS:
                case PW_EAP_PEAP:
-                       DEBUG2(" rlm_eap: Unable to tunnel TLS inside of TLS");
-                       eap_fail(handler);
-                       eap_handler_free(handler);
-                       return RLM_MODULE_INVALID;
+                       DEBUG2(" rlm_eap: WARNING: Tunnelling TLS inside of a TLS will probably not work.");
                        break;
 
                default:        /* It may be OK, allow it to proceed */