Don't allow NULL encryption with PEAP

author: Martin Willi <martin@revosec.ch> 2012-08-30 11:13:02 +0200
committer: Martin Willi <martin@revosec.ch> 2012-09-12 13:19:52 +0200
commit: ab2c989c32c32384814d6ff5b5e031b35bd61864 (patch)
tree: 6c369d32247fa2f9e862a207905a5290c1583c38 /src/libtls/tls_crypto.c
parent: acada66a351b4cc78dbd0d0210b74c902dbd24d7 (diff)
download: strongswan-ab2c989c32c32384814d6ff5b5e031b35bd61864.tar.bz2
strongswan-ab2c989c32c32384814d6ff5b5e031b35bd61864.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 820ae74de..725e9b1ca 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1752,10 +1752,12 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
 	switch (tls->get_purpose(tls))
 	{
 		case TLS_PURPOSE_EAP_TLS:
-		case TLS_PURPOSE_EAP_PEAP:
 			/* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
 			this->msk_label = "client EAP encryption";
 			build_cipher_suite_list(this, FALSE);
+		case TLS_PURPOSE_EAP_PEAP:
+			this->msk_label = "client EAP encryption";
+			build_cipher_suite_list(this, TRUE);
 			break;
 		case TLS_PURPOSE_EAP_TTLS:
 			/* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
author	Martin Willi <martin@revosec.ch>	2012-08-30 11:13:02 +0200
committer	Martin Willi <martin@revosec.ch>	2012-09-12 13:19:52 +0200
commit	ab2c989c32c32384814d6ff5b5e031b35bd61864 (patch)
tree	6c369d32247fa2f9e862a207905a5290c1583c38 /src/libtls/tls_crypto.c
parent	acada66a351b4cc78dbd0d0210b74c902dbd24d7 (diff)
download	strongswan-ab2c989c32c32384814d6ff5b5e031b35bd61864.tar.bz2 strongswan-ab2c989c32c32384814d6ff5b5e031b35bd61864.tar.xz