EAP-TLS clients send an empty packet on failure to properly shut down a TLS session
authorMartin Willi <martin@revosec.ch>
Mon, 23 Aug 2010 12:22:54 +0000 (14:22 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 23 Aug 2010 13:13:41 +0000 (15:13 +0200)
src/libcharon/plugins/eap_tls/eap_tls.c

index fa0babe..7745800 100644 (file)
@@ -382,6 +382,12 @@ METHOD(eap_method_t, process, status_t,
        {
                *out = read_buf(this, pkt->identifier);
        }
+       else if (status == FAILED && !this->is_server)
+       {       /* client sends an empty TLS message, waits for a EAP-Failure */
+               chunk_free(&this->output);
+               *out = read_buf(this, pkt->identifier);
+               return NEED_MORE;
+       }
        return status;
 }
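Review bot: The new client branch turns a FAILED TLS result into NEED_MORE, but nothing in the visible lines records that the TLS session has already failed, so the outcome now rests on the authenticator answering with EAP-Failure. If the peer instead sends another EAP-TLS request, process() would presumably feed it to the same TLS state again; it is worth confirming, in the part of process() above this hunk, that such a request still ends in FAILED and can never reach SUCCESS. I would state that invariant in the branch comment, e.g. `/* TLS failed: client replies with an empty TLS message and waits for an EAP-Failure; any later request must still fail */`. Also, `chunk_free(&this->output)` drops whatever was queued, which may include a TLS alert describing the failure, so the server and its logs would only see an empty message.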