# outer requests.
#
virtual_server = "inner-tunnel"
+
+ # This has the same meaning as the
+ # same field in the "tls" module, above.
+ # The default value here is "yes".
+ # include_length = yes
}
##################################################
int copy_request_to_tunnel;
/*
+ * RFC 5281 (TTLS) says that the length field MUST NOT be
+ * in fragments after the first one. However, we've done
+ * it that way for years, and no one has complained.
+ *
+ * In the interests of allowing the server to follow the
+ * RFC, we add the option here. If set to "no", it sends
+ * the length field in ONLY the first fragment.
+ */
+ int include_length;
+
+ /*
* Virtual server for inner tunnel session.
*/
char *virtual_server;
{ "virtual_server", PW_TYPE_STRING_PTR,
offsetof(rlm_eap_ttls_t, virtual_server), NULL, NULL },
+ { "include_length", PW_TYPE_BOOLEAN,
+ offsetof(rlm_eap_ttls_t, include_length), NULL, "yes" },
+
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
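Review bot: The `"yes"` default on the new `include_length` entry keeps the length field in every fragment, which the comment added to the struct in this same commit describes as contrary to RFC 5281, so conformant behaviour is opt-in only. That may be the right compatibility choice, but the sample configuration tells an operator only that the option mirrors the one in the "tls" module. I would add a line there such as `# Set to "no" to send the length field in only the first fragment, as RFC 5281 requires.` The parser table itself starts above this hunk.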
RDEBUG2("Authenticate");
+ tls_session->length_flag = inst->include_length;
+
/*
* Process TLS layer until done.
*/
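Review bot: `tls_session->length_flag` is overwritten on every pass through this function, so whatever value the session was created with (presumably taken from the "tls" section's own `include_length`) is silently replaced by the TTLS setting, including its default of "yes". A site that already has `include_length = no` under "tls" would not expect TTLS to keep sending the length in every fragment. If the override is intended, say so at the assignment, e.g. `/* TTLS-specific include_length takes precedence over the value the session was created with. */`. The enclosing function starts and ends outside this hunk.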