From 0b643c77ae14dbc7b956d6f609186779dd2ead3c Mon Sep 17 00:00:00 2001
From: Dan Breslau
Date: Tue, 25 Oct 2016 21:11:12 -0400
Subject: [PATCH] In eap_peer_tls_process_init, check (and ignore) data->ssl_ctx instead of sm->ssl_ctx. This is equivalent to what hostap_2.6 does, other than ignoring the return value.
---
 libeap/src/eap_peer/eap_tls_common.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/libeap/src/eap_peer/eap_tls_common.c b/libeap/src/eap_peer/eap_tls_common.c
index 0d17122..279e15d 100644
--- a/libeap/src/eap_peer/eap_tls_common.c
+++ b/libeap/src/eap_peer/eap_tls_common.c
@@ -827,14 +827,14 @@ const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
 size_t left;
 unsigned int tls_msg_len;
- /* Ignore errors before we do anything*/
- (void) tls_get_errors(sm->ssl_ctx);
-
- //// if (tls_get_errors(data->ssl_ctx)) {
- //// wpa_printf(MSG_INFO, "SSL: TLS errors detected");
- //// ret->ignore = TRUE;
- //// return NULL;
- //// }
+
+ if (tls_get_errors(data->ssl_ctx)) {
+ wpa_printf(MSG_INFO, "SSL: TLS errors detected");
+ /* Next two lines commented out by Painless Security for Moonshot */
+ /* ret->ignore = TRUE;
+ * return NULL;
+ */
+ }
 if (eap_type == EAP_UNAUTH_TLS_TYPE)
 pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
-- 
2.1.4
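Review bot: The new `if (tls_get_errors(data->ssl_ctx))` branch logs "SSL: TLS errors detected" and then falls through, so the request is still processed after the TLS layer reported errors, and nothing in the hunk says why that is safe. The commit message states that hostap_2.6 acts on this return value, yet the two disabled statements (`ret->ignore = TRUE;` and `return NULL;`) survive only as commented-out code, which makes the deviation easy to miss when diffing against upstream. I would replace that block with a why-comment such as `/* Moonshot deviation from hostap: TLS errors are logged but the request is still processed; upstream sets ret->ignore and returns NULL here. Rationale: <reason to be filled in by the author> */`. Since the message is the only trace of the condition, it is also worth confirming that MSG_INFO is visible in production logging. The body of eap_peer_tls_process_init starts and ends outside the hunk.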