/*
* Print out some text describing the error.
*/
-static int int_ssl_check(SSL *s, int ret, const char *text)
+static int int_ssl_check(REQUEST *request, SSL *s, int ret, const char *text)
{
int e;
unsigned long l;
if ((l = ERR_get_error()) != 0) {
- radlog(L_ERR, "rlm_eap: SSL error %s",
- ERR_error_string(l, NULL));
+ const char *p = ERR_error_string(l, NULL);
+ radlog(L_ERR, "rlm_eap: SSL error %s", p);
+ radius_pairmake(request, &request->packet->vps,
+ "Module-Failure-Message", p, T_OP_ADD);
}
e = SSL_get_error(s, ret);
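Review bot: `ERR_error_string(l, NULL)` formats into a static buffer inside OpenSSL, and the new code holds that pointer in `p` across both `radlog()` and `radius_pairmake()`, so in a threaded server another thread's error can overwrite the text before it is copied into Module-Failure-Message. Format into a local buffer instead, `char buf[256]; ERR_error_string_n(l, buf, sizeof(buf));`, and pass `buf` to both calls. `request->packet` is also dereferenced unconditionally, and one caller later in the patch passes `handler->request`, so either guard the pairmake with `if (request)` or confirm that every caller has a live request at this point. The body of int_ssl_check continues outside the hunk.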
* Fill the Bio with the dirty data to clean it
* Get the cleaned data from SSL, if it is not Handshake data
*/
-int tls_handshake_recv(tls_session_t *ssn)
+int tls_handshake_recv(REQUEST *request, tls_session_t *ssn)
{
int err;
return 1;
}
- if (!int_ssl_check(ssn->ssl, err, "SSL_read")) {
+ if (!int_ssl_check(request, ssn->ssl, err, "SSL_read")) {
return 0;
}
return 1;
} else {
- int_ssl_check(ssn->ssl, err, "BIO_read");
+ int_ssl_check(request, ssn->ssl, err, "BIO_read");
record_init(&ssn->dirty_in);
return 0;
}
* Take clear-text user data, and encrypt it into the output buffer,
* to send to the client at the other end of the SSL connection.
*/
-int tls_handshake_send(tls_session_t *ssn)
+int tls_handshake_send(REQUEST *request, tls_session_t *ssn)
{
int err;
if (err > 0) {
ssn->dirty_out.used = err;
} else {
- int_ssl_check(ssn->ssl, err, "handshake_send");
+ int_ssl_check(request, ssn->ssl, err, "handshake_send");
}
}
/*
* FIXME: Check the return code.
*/
- tls_handshake_send(tls_session);
+ tls_handshake_send(request, tls_session);
return 1;
}
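Review bot: The call under `FIXME: Check the return code.` still discards the result of `tls_handshake_send()` and returns 1, so a TLS failure that this patch now records in Module-Failure-Message is still reported to the caller as success. The same applies to the identical call site that follows, to the call after `record_plus`, and to the one at the end of `vp2eap`. The return statements of `tls_handshake_send()` are not visible here, but if it follows the 0-on-failure convention seen in `tls_handshake_recv()`, propagate it with `if (!tls_handshake_send(request, tls_session)) return 0;`. The enclosing function starts outside the hunk.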
/*
* FIXME: Check the return code.
*/
- tls_handshake_send(tls_session);
+ tls_handshake_send(request, tls_session);
return 1;
}
(tls_session->record_plus)(&tls_session->clean_in,
&eap_packet, sizeof(eap_packet));
- tls_handshake_send(tls_session);
+ tls_handshake_send(handler->request, tls_session);
(tls_session->record_init)(&tls_session->clean_in);
return 1;
* Convert a list of VALUE_PAIR's to an EAP packet, through the
* simple expedient of dumping the EAP message
*/
-static int vp2eap(tls_session_t *tls_session, VALUE_PAIR *vp)
+static int vp2eap(REQUEST *request, tls_session_t *tls_session, VALUE_PAIR *vp)
{
/*
* Skip the id, code, and length. Just write the EAP
vp->vp_octets, vp->length);
}
- tls_handshake_send(tls_session);
+ tls_handshake_send(request, tls_session);
return 1;
}
* VP's back to the client.
*/
if (vp) {
- vp2eap(tls_session, vp);
+ vp2eap(request, tls_session, vp);
pairfree(&vp);
}