From: Dan Breslau
Date: Wed, 26 Oct 2016 01:11:12 +0000 (-0400)
Subject: In eap_peer_tls_process_init, check (and ignore) data->ssl_ctx instead of
X-Git-Tag: v0.9.6~1
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=commitdiff_plain;h=0b643c77ae14dbc7b956d6f609186779dd2ead3c
In eap_peer_tls_process_init, check (and ignore) data->ssl_ctx instead of sm->ssl_ctx. This is equivalent to what hostap_2.6 does, other than ignoring the return value.
---
diff --git a/libeap/src/eap_peer/eap_tls_common.c b/libeap/src/eap_peer/eap_tls_common.c
index 0d17122..279e15d 100644
--- a/libeap/src/eap_peer/eap_tls_common.c
+++ b/libeap/src/eap_peer/eap_tls_common.c
@@ -827,14 +827,14 @@ const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
 size_t left;
 unsigned int tls_msg_len;
- /* Ignore errors before we do anything*/
- (void) tls_get_errors(sm->ssl_ctx);
-
- //// if (tls_get_errors(data->ssl_ctx)) {
- //// wpa_printf(MSG_INFO, "SSL: TLS errors detected");
- //// ret->ignore = TRUE;
- //// return NULL;
- //// }
+
+ if (tls_get_errors(data->ssl_ctx)) {
+ wpa_printf(MSG_INFO, "SSL: TLS errors detected");
+ /* Next two lines commented out by Painless Security for Moonshot */
+ /* ret->ignore = TRUE;
+ * return NULL;
+ */
+ }
 if (eap_type == EAP_UNAUTH_TLS_TYPE)
 pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
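Review bot: The new `if (tls_get_errors(data->ssl_ctx))` branch logs "SSL: TLS errors detected" and then falls through, so the request is still processed after the TLS layer has reported errors, and nothing in the hunk says why that is safe. Going by the commit message, hostap_2.6 acts on this return value; the commented-out `ret->ignore = TRUE; return NULL;` is that fail-closed path, and the comment above it records only who disabled it. I would state the reason in that comment and make the log line distinguishable from upstream's, e.g. `wpa_printf(MSG_INFO, "SSL: TLS errors detected - ignored, continuing");`, so anyone reading the logs can tell the message was not dropped. Whether the pending errors can include a failed certificate or handshake check depends on tls_get_errors(), which is not visible here and should be confirmed before keeping this fail-open. The body of eap_peer_tls_process_init starts before and continues past this hunk.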