tls-eap: Conclude EAP method also after processing packets
authorTobias Brunner <tobias@strongswan.org>
Thu, 14 Jan 2021 17:02:00 +0000 (18:02 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
With TLS 1.3, the server sends its Finished message first, so the
session is complete after processing the client's Finished message,
without having to send anything else (in particular no acknowledgement
as the last message from the client is no fragment).

src/libtls/tls_eap.c

index 12d5aed..196cf92 100644 (file)
@@ -394,6 +394,10 @@ METHOD(tls_eap_t, process, status_t,
        switch (status)
        {
                case INVALID_STATE:
+                       if (this->tls->is_complete(this->tls))
+                       {
+                               return SUCCESS;
+                       }
                        *out = create_ack(this);
                        return NEED_MORE;
                case FAILED: