Diffstat (limited to 'src')
-rw-r--r--src/libcharon/plugins/eap_peap/eap_peap_peer.c28
-rw-r--r--src/libcharon/plugins/eap_peap/eap_peap_server.c19
2 files changed, 14 insertions, 33 deletions
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
index fe071b3cb..ca2af4fee 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@@ -42,11 +42,6 @@ struct private_eap_peap_peer_t {
identification_t *peer;
/**
- * Current EAP-PEAP state
- */
- bool start_phase2;
-
- /**
* Outer phase 1 EAP method
*/
eap_method_t *ph1_method;
@@ -161,7 +156,6 @@ METHOD(tls_application_t, process, status_t,
return NEED_MORE;
}
type = this->ph2_method->get_type(this->ph2_method, &vendor);
- this->start_phase2 = FALSE;
}
status = this->ph2_method->process(this->ph2_method, in, &this->out);
@@ -198,27 +192,6 @@ METHOD(tls_application_t, build, status_t,
eap_type_t type;
u_int32_t vendor;
- if (this->ph2_method == NULL && this->start_phase2)
- {
- /* generate an EAP Identity response */
- this->ph2_method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
- 0, EAP_PEER, this->server, this->peer);
- if (this->ph2_method == NULL)
- {
- DBG1(DBG_IKE, "EAP_IDENTITY method not available");
- return FAILED;
- }
-
- /* synchronize EAP message identifiers of inner protocol with outer */
- this->ph2_method->set_identifier(this->ph2_method,
- this->ph1_method->get_identifier(this->ph1_method));
-
- this->ph2_method->process(this->ph2_method, NULL, &this->out);
- this->ph2_method->destroy(this->ph2_method);
- this->ph2_method = NULL;
- this->start_phase2 = FALSE;
- }
-
if (this->out)
{
code = this->out->get_code(this->out);
@@ -276,7 +249,6 @@ eap_peap_peer_t *eap_peap_peer_create(identification_t *server,
.server = server->clone(server),
.peer = peer->clone(peer),
.ph1_method = eap_method,
- .start_phase2 = TRUE,
.avp = eap_peap_avp_create(FALSE),
);
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index f8dd8b904..3fabc3575 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -52,6 +52,11 @@ struct private_eap_peap_server_t {
bool start_phase2_tnc;
/**
+ * Starts phase 2 with EAP Identity request
+ */
+ bool start_phase2_id;
+
+ /**
* Final EAP-PEAP phase2 result
*/
eap_code_t phase2_result;
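Review bot: The doc comment added for `start_phase2_id` reads as if the field were a fixed option, but the later hunks in this file initialise it from `charon.plugins.eap-peap.phase2_piggyback` in eap_peap_server_create() and then force it to TRUE after the first pass through build(), so it behaves as a one-shot latch that only controls when the Identity request is sent. I would say so in the comment, e.g. `* TRUE once the EAP Identity request may be sent: at once if phase2_piggyback is set, otherwise after the first build() call`. The struct definition starts and ends outside this hunk.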
@@ -332,12 +337,12 @@ METHOD(tls_application_t, build, status_t,
eap_type_t type;
u_int32_t vendor;
- if (this->ph2_method == NULL && this->start_phase2 &&
- lib->settings->get_bool(lib->settings,
- "charon.plugins.eap-peap.phase2_piggyback", FALSE))
+ if (this->ph2_method == NULL && this->start_phase2 && this->start_phase2_id)
{
- /* generate an EAP Identity request which will be piggybacked right
- * onto the TLS Finished message thus initiating EAP-PEAP phase2
+ /*
+ * Start Phase 2 with an EAP Identity request either piggybacked right
+ * onto the TLS Finished payload or delayed after the reception of an
+ * empty EAP Acknowledge message.
*/
this->ph2_method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
0, EAP_SERVER, this->server, this->peer);
@@ -355,6 +360,8 @@ METHOD(tls_application_t, build, status_t,
this->ph2_method->initiate(this->ph2_method, &this->out);
this->start_phase2 = FALSE;
}
+
+ this->start_phase2_id = TRUE;
if (this->out)
{
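Review bot: `this->start_phase2_id = TRUE;` is assigned unconditionally on every pass through build(), and nothing visible in this hunk ties it to an empty EAP acknowledge actually having been processed, although the comment added in the previous hunk describes the delayed case in exactly those terms. If build() can run more than once before the peer's acknowledge arrives, the Identity request would go out earlier than that comment promises; whether that can happen depends on the caller, which is not shown in the diff. Consider setting the flag in process() when the empty acknowledge is seen, or at least stating the assumption next to the assignment, e.g. `/* the next build() call follows the peer's empty EAP acknowledge */`. build() begins before and continues past this hunk.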
@@ -415,6 +422,8 @@ eap_peap_server_t *eap_peap_server_create(identification_t *server,
.ph1_method = eap_method,
.start_phase2 = TRUE,
.start_phase2_tnc = TRUE,
+ .start_phase2_id = lib->settings->get_bool(lib->settings,
+ "charon.plugins.eap-peap.phase2_piggyback", FALSE),
.phase2_result = EAP_FAILURE,
.avp = eap_peap_avp_create(TRUE),
);