Use assert not rad_assert
[freeradius.git] / src / modules / rlm_eap / libeap / eap_tls.c
index 2452f6b..6a0e5dc 100644 (file)
@@ -109,6 +109,7 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
        REQUEST *request = handler->request;
        tls_session_t *tls_session = handler->opaque;
 
+       handler->finished = TRUE;
        reply.code = EAPTLS_SUCCESS;
        reply.length = TLS_HEADER_LEN;
        reply.flags = peap_flag;
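Review bot: `handler->finished = TRUE;` is added at the top of eaptls_success with no comment saying what the flag signals or who reads it, and the same line is added in the eaptls_fail hunk further down. The flag is set before the reply is composed, so a reader cannot tell whether it means "a final result was decided" or "a final packet was sent". A one-line comment at both sites would settle this, for example `/* conversation is over; no further EAP-TLS rounds are expected for this handler */`, with the wording adjusted to what the consumer of `finished` actually checks. Both function bodies extend beyond their hunks.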
@@ -125,7 +126,7 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
         *      user.
         */
        if ((!tls_session->allow_session_resumption) ||
-           (((vp = pairfind(request->config_items, 1127)) != NULL) &&
+           (((vp = pairfind(request->config_items, 1127, 0)) != NULL) &&
             (vp->vp_integer == 0))) {
                SSL_CTX_remove_session(tls_session->ctx,
                                       tls_session->ssl->session);
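Review bot: The attribute looked up in the `pairfind(request->config_items, 1127, 0)` call is still a bare number, while the other lookups in this diff use named constants such as `PW_USER_NAME`. This condition decides whether the TLS session is removed from the cache, so the number hides which control item disables resumption. Replace `1127` with the dictionary's named constant for that attribute, or add a comment naming it next to the call. The `if` body continues past the end of the hunk.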
@@ -147,11 +148,14 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
        } else if (!SSL_session_reused(tls_session->ssl)) {
                RDEBUG2("Saving response in the cache");
                
-               vp = paircopy2(request->reply->vps, PW_USER_NAME);
-               pairadd(&vps, vp);
+               vp = paircopy2(request->reply->vps, PW_USER_NAME, 0);
+               if (vp) pairadd(&vps, vp);
                
-               vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME);
-               pairadd(&vps, vp);
+               vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0);
+               if (vp) pairadd(&vps, vp);
+               
+               vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY, 0);
+               if (vp) pairadd(&vps, vp);
                
                if (vps) {
                        SSL_SESSION_set_ex_data(tls_session->ssl->session,
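Review bot: The attributes cached on the TLS session in this branch have no comment saying which list each one comes from or why. That matters because whatever is stored via `SSL_SESSION_set_ex_data` is presumably re-applied when the session is later resumed without a full handshake. User-Name and Cached-Session-Policy are copied from `request->reply->vps`, and Stripped-User-Name from `request->packet->vps`. I would add a comment above the copies such as `/* These attributes are stored with the session and reused on resumption; cache only values set by server policy. */`. It is also worth confirming that the resume path compares the cached User-Name with the identity presented on the resumed session. The branch continues outside the hunk.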
@@ -181,7 +185,7 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
                        /*
                         *      Mark the request as resumed.
                         */
-                       vp = pairmake("EAP-Session-Resumed", "0", T_OP_SET);
+                       vp = pairmake("EAP-Session-Resumed", "1", T_OP_SET);
                        if (vp) pairadd(&request->packet->vps, vp);
                }
        }
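Review bot: If `pairmake("EAP-Session-Resumed", "1", T_OP_SET)` returns NULL, the `if (vp)` guard silently skips the add and the request goes on without the resumed marker. Any policy that keys on this attribute would then, as far as this hunk shows, treat a resumed session like a full authentication, with nothing in the log to explain it. A debug line on the failure path would make this visible, for example `else RDEBUG2("Failed to create EAP-Session-Resumed");`, since `RDEBUG2` is already used earlier in this function. The enclosing block starts outside the hunk.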
@@ -209,6 +213,7 @@ int eaptls_fail(EAP_HANDLER *handler, int peap_flag)
        EAPTLS_PACKET   reply;
        tls_session_t *tls_session = handler->opaque;
 
+       handler->finished = TRUE;
        reply.code = EAPTLS_FAIL;
        reply.length = TLS_HEADER_LEN;
        reply.flags = peap_flag;
@@ -760,7 +765,7 @@ static eaptls_status_t eaptls_operation(eaptls_status_t status,
         *      If more info
         *      is required then send another request.
         */
-       if (!tls_handshake_recv(tls_session)) {
+       if (!tls_handshake_recv(handler->request, tls_session)) {
                DEBUG2("TLS receive handshake failed during operation");
                eaptls_fail(handler, tls_session->peap_flag);
                return EAPTLS_FAIL;
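Review bot: The handshake failure right after the changed call is still logged with the global `DEBUG2`, even though the call now passes `handler->request`. A message not tied to the request is hard to correlate with the session that failed when several EAP-TLS conversations are in flight. If a `request` local is in scope in eaptls_operation (not visible in this hunk), use `RDEBUG2("TLS receive handshake failed during operation");` instead. The function body extends beyond the hunk on both sides.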
@@ -834,7 +839,11 @@ eaptls_status_t eaptls_process(EAP_HANDLER *handler)
        eaptls_status_t status;
        REQUEST *request = handler->request;
 
+       assert(request != NULL);
+
        RDEBUG2("processing EAP-TLS");
+       if (handler->certs) pairadd(&request->packet->vps,
+                                   paircopy(handler->certs));
 
        /* This case is when SSL generates Alert then we
         * send that alert to the client and then send the EAP-Failure
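Review bot: `assert(request != NULL);` is compiled out when `NDEBUG` is defined, so in such builds the new `pairadd(&request->packet->vps, ...)` line dereferences `request` with no check at all. If a NULL request can reach eaptls_process, a runtime guard is needed instead, for example `if (!request) return EAPTLS_FAIL;`. If it cannot, a short comment stating that invariant next to the assert would help. The new `if (handler->certs)` line also has no comment explaining why the stored certificate attributes are copied into `request->packet->vps` on each call. The function continues past the end of the hunk.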