Diffstat (limited to 'src')
-rw-r--r--src/libcharon/plugins/eap_ttls/eap_ttls_peer.c36
-rw-r--r--src/libcharon/plugins/eap_ttls/eap_ttls_server.c31
2 files changed, 52 insertions, 15 deletions
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index b47ed938d..b675d9ab4 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -133,22 +133,30 @@ METHOD(tls_application_t, process, status_t,
return FAILED;
}
- if (this->method->process(this->method, in, &this->out) == NEED_MORE)
- {
- in->destroy(in);
- return NEED_MORE;
- }
+ status = this->method->process(this->method, in, &this->out);
+ in->destroy(in);
- if (vendor)
- {
- DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed", type, vendor);
- }
- else
+ switch (status)
{
- DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
- }
- in->destroy(in);
- return FAILED;
+ case SUCCESS:
+ this->method->destroy(this->method);
+ this->method = NULL;
+ /* fall through to NEED_MORE since response must be sent */
+ case NEED_MORE:
+ return NEED_MORE;
+ case FAILED:
+ default:
+ if (vendor)
+ {
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
+ type, vendor);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
+ }
+ return FAILED;
+ }
}
METHOD(tls_application_t, build, status_t,
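Review bot: Once the `SUCCESS` case sets `this->method = NULL`, the next inner EAP message re-enters process() with no method instance, and the code that handles that state sits above this hunk, so it cannot be checked from here. The same reset is added to the `SUCCESS` case in eap_ttls_server.c, where the next message comes from the remote peer. Both functions should create a fresh instance or return `FAILED` in that state and never dereference the pointer. A short comment at the reset would make the invariant explicit, for example `/* process() must cope with this->method == NULL from here on */`.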
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
index 45fc79460..8401f85b2 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
@@ -201,12 +201,23 @@ METHOD(tls_application_t, process, status_t,
DBG1(DBG_IKE, "%N phase2 authentication of '%Y' with %N successful",
eap_type_names, EAP_TTLS, this->peer,
eap_type_names, type);
+ this->method->destroy(this->method);
+ this->method = NULL;
break;
case NEED_MORE:
break;
case FAILED:
default:
- DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
+ if (vendor)
+ {
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
+ type, vendor);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
+ }
+ return FAILED;
}
return status;
}
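Review bot: The `SUCCESS` case here logs "phase2 authentication ... successful" and returns `SUCCESS` for whatever instance is in `this->method`, and the build() hunk later in this file can now install an `EAP_IDENTITY` instance there. The case label and any check on `type` sit above this hunk, so it is not visible whether a completed identity exchange is told apart from the authenticating method. If it is not, an identity response alone would be reported as successful phase2 authentication. The case should return `SUCCESS` only for an authenticating method and, when `type == EAP_IDENTITY`, go on to start the configured phase2 method.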
@@ -219,6 +230,24 @@ METHOD(tls_application_t, build, status_t,
eap_type_t type;
u_int32_t vendor;
+ if (this->method == NULL && this->start_phase2 &&
+ lib->settings->get_bool(lib->settings,
+ "charon.plugins.eap-ttls.phase2_piggyback", FALSE))
+ {
+ /* generate an EAP Identity request which will be piggybacked right
+ * onto the TLS Finished message thus initiating EAP-TTLS phase2
+ */
+ this->method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
+ 0, EAP_SERVER, this->server, this->peer);
+ if (this->method == NULL)
+ {
+ DBG1(DBG_IKE, "EAP_IDENTITY method not available");
+ return FAILED;
+ }
+ this->method->initiate(this->method, &this->out);
+ this->start_phase2 = FALSE;
+ }
+
if (this->out)
{
code = this->out->get_code(this->out);
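Review bot: The status returned by `this->method->initiate(this->method, &this->out)` is discarded, so a failed initiate still clears `start_phase2` and leaves an `EAP_IDENTITY` instance in place with no request to send. Checking it keeps the failure visible to the caller: `if (this->method->initiate(this->method, &this->out) != NEED_MORE) { DBG1(DBG_IKE, "EAP_IDENTITY method failed to initiate"); return FAILED; }`. The `phase2_piggyback` setting is also looked up on every build() call while `this->method` is NULL and `start_phase2` is set; reading it once at construction would be tidier. build() continues past the end of this hunk.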