diff options
| author | Martin Willi <martin@revosec.ch> | 2010-08-23 14:22:54 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2010-08-23 15:13:41 +0200 |
| commit | 5ff8c62707530031b0e05345bd496154738542a6 (patch) | |
| tree | d40da7b5f77e420613687b7c2817c271e33474e4 | |
| parent | e6f3ef13303313ce4a87983fe640f958e07cc676 (diff) | |
| download | strongswan-5ff8c62707530031b0e05345bd496154738542a6.tar.bz2 strongswan-5ff8c62707530031b0e05345bd496154738542a6.tar.xz | |
EAP-TLS clients send an empty packet on failure to properly shut down a TLS session
| -rw-r--r-- | src/libcharon/plugins/eap_tls/eap_tls.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c index fa0babe26..77458007e 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls.c +++ b/src/libcharon/plugins/eap_tls/eap_tls.c @@ -382,6 +382,12 @@ METHOD(eap_method_t, process, status_t, { *out = read_buf(this, pkt->identifier); } + else if (status == FAILED && !this->is_server) + { /* client sends an empty TLS message, waits for a EAP-Failure */ + chunk_free(&this->output); + *out = read_buf(this, pkt->identifier); + return NEED_MORE; + } return status; } |