Fixed EAP-TLS message fragmentation for the last TLS message
authorJouni Malinen <jouni.malinen@atheros.com>
Thu, 20 Nov 2008 17:39:35 +0000 (19:39 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 20 Nov 2008 17:39:35 +0000 (19:39 +0200)
If the message was large enough to require fragmentation (e.g., if a large
Session Ticket data is included), the More Fragment flag was set, but no
more fragments were actually sent (i.e., Access-Accept was sent out).

hostapd/ChangeLog
src/eap_server/eap_tls.c

index 9b5092b..6e4a869 100644 (file)
@@ -14,6 +14,9 @@ ChangeLog for hostapd
          information from CRDA is now used with mac80211); this allows 5 GHz
          channels to be used with hostapd (if allowed in the current
          regulatory domain)
+       * fixed EAP-TLS message processing for the last TLS message if it is
+         large enough to require fragmentation (e.g., if a large Session
+         Ticket data is included)
 
 2008-11-01 - v0.6.5
        * added support for SHA-256 as X.509 certificate digest when using the
index 1b168c5..5747940 100644 (file)
@@ -26,6 +26,7 @@ static void eap_tls_reset(struct eap_sm *sm, void *priv);
 struct eap_tls_data {
        struct eap_ssl_data ssl;
        enum { START, CONTINUE, SUCCESS, FAILURE } state;
+       int established;
 };
 
 
@@ -109,25 +110,24 @@ static struct wpabuf * eap_tls_build_start(struct eap_sm *sm,
 static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
 {
        struct eap_tls_data *data = priv;
-
+       struct wpabuf *res;
 
        if (data->ssl.state == FRAG_ACK) {
                return eap_server_tls_build_ack(id, EAP_TYPE_TLS, 0);
        }
 
        if (data->ssl.state == WAIT_FRAG_ACK) {
-               return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TLS, 0,
-                                               id);
+               res = eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TLS, 0,
+                                              id);
+               goto check_established;
        }
 
        switch (data->state) {
        case START:
                return eap_tls_build_start(sm, data, id);
        case CONTINUE:
-               if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
-                       wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
-                       eap_tls_state(data, SUCCESS);
-               }
+               if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
+                       data->established = 1;
                break;
        default:
                wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d",
@@ -135,7 +135,17 @@ static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
                return NULL;
        }
 
-       return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TLS, 0, id);
+       res = eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TLS, 0, id);
+
+check_established:
+       if (data->established && data->ssl.state != WAIT_FRAG_ACK) {
+               /* TLS handshake has been completed and there are no more
+                * fragments waiting to be sent out. */
+               wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
+               eap_tls_state(data, SUCCESS);
+       }
+
+       return res;
 }
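Review bot: The new `established` field is a sticky per-session flag with no comment, and the check under the `check_established` label depends on `eap_server_tls_build_msg()` having set `data->ssl.state` to `WAIT_FRAG_ACK` whenever fragments of the last TLS message remain; nothing in these hunks ever clears the flag, so correctness relies on the allocation path zeroing `struct eap_tls_data` and on `eap_tls_reset()` (declared at the top of the file) not reusing the structure, neither of which is visible here and both worth confirming. I would document the invariant where the field is added in the first hunk of this file: `int established; /* TLS handshake completed; SUCCESS is deferred until the last TLS message has been fully sent (ssl.state != WAIT_FRAG_ACK) */`. Note also that the transition to SUCCESS at the label runs even when `res` is NULL, i.e. when the build call failed and nothing is sent; if that is not intended, guard it with `if (res && data->established && data->ssl.state != WAIT_FRAG_ACK)`. The `wpa_printf()` in the `default:` case at the end of the second hunk continues on a line the diff omits between the two hunks.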