5 files changed, 19 insertions, 6 deletions

diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index 15a9972f2..855504fe0 100644
--- a/src/libcharon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
@@ -241,6 +241,12 @@ METHOD(eap_payload_t, get_type, eap_type_t,
 	return 0;
 }
 
+METHOD(eap_payload_t, is_expanded, bool,
+	private_eap_payload_t *this)
+{
+	return this->data.len > 4 ? this->data.ptr[4] == EAP_EXPANDED : FALSE;
+}
+
 METHOD2(payload_t, eap_payload_t, destroy, void,
 	private_eap_payload_t *this)
 {
@@ -272,6 +278,7 @@ eap_payload_t *eap_payload_create()
 			.get_code = _get_code,
 			.get_identifier = _get_identifier,
 			.get_type = _get_type,
+			.is_expanded = _is_expanded,
 			.destroy = _destroy,
 		},
 		.next_payload = NO_PAYLOAD,
diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h
index d3c3fae28..934983282 100644
--- a/src/libcharon/encoding/payloads/eap_payload.h
+++ b/src/libcharon/encoding/payloads/eap_payload.h
@@ -83,6 +83,13 @@ struct eap_payload_t {
 	eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor);
 
 	/**
+	 * Check if the EAP method type is encoded in the Expanded Type format.
+	 *
+	 * @return			TRUE if in Expanded Type format
+	 */
+	bool (*is_expanded) (eap_payload_t *this);
+
+	/**
 	 * Destroys an eap_payload_t object.
 	 */
 	void (*destroy) (eap_payload_t *this);
@@ -129,8 +136,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier);
  * @param identifier	EAP identifier to use in payload
  * @param type			preferred auth type, 0 to send all supported types
  * @param vendor		vendor identifier for auth type, 0 for default
- * @param expanded		TRUE to send an expanded Nak (as response to an expanded
- * 						request, i.e. one with vendor specific type)
+ * @param expanded		TRUE to send an expanded Nak
  * @return 				eap_payload_t object
  */
 eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type,
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
index 5e1972672..79fd667cb 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@@ -152,7 +152,7 @@ METHOD(tls_application_t, process, status_t,
 		{
 			DBG1(DBG_IKE, "EAP method not supported");
 			this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0,
-											   received_vendor != 0);
+											   in->is_expanded(in));
 			in->destroy(in);
 			return NEED_MORE;
 		}
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index 811fe051b..00a4da3f8 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -193,7 +193,7 @@ METHOD(tls_application_t, process, status_t,
 		{
 			DBG1(DBG_IKE, "EAP method not supported");
 			this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0,
-											   received_vendor != 0);
+											   in->is_expanded(in));
 			in->destroy(in);
 			return NEED_MORE;
 		}
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index c9178d061..a340c04d7 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -404,14 +404,14 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
 					 eap_type_names, conf_type);
 			}
 			return eap_payload_create_nak(in->get_identifier(in), conf_type,
-										  conf_vendor, vendor != 0);
+										  conf_vendor, in->is_expanded(in));
 		}
 		this->method = load_method(this, type, vendor, EAP_PEER);
 		if (!this->method)
 		{
 			DBG1(DBG_IKE, "EAP method not supported, sending EAP_NAK");
 			return eap_payload_create_nak(in->get_identifier(in), 0, 0,
-										  vendor != 0);
+										  in->is_expanded(in));
 		}
 	}