Don't allow NULL encryption with PEAP

author Martin Willi <martin@revosec.ch>

Thu, 30 Aug 2012 09:13:02 +0000 (11:13 +0200)

committer Martin Willi <martin@revosec.ch>

Wed, 12 Sep 2012 11:19:52 +0000 (13:19 +0200)
author Martin Willi <martin@revosec.ch>
Thu, 30 Aug 2012 09:13:02 +0000 (11:13 +0200)
committer Martin Willi <martin@revosec.ch>
Wed, 12 Sep 2012 11:19:52 +0000 (13:19 +0200)
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c

index 820ae74..725e9b1 100644 (file)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1752,10 +1752,12 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
         switch (tls->get_purpose(tls))
         {
                 case TLS_PURPOSE_EAP_TLS:
-               case TLS_PURPOSE_EAP_PEAP:
                         /* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
                         this->msk_label = "client EAP encryption";
                         build_cipher_suite_list(this, FALSE);
+               case TLS_PURPOSE_EAP_PEAP:
+                       this->msk_label = "client EAP encryption";
+                       build_cipher_suite_list(this, TRUE);
                         break;
                 case TLS_PURPOSE_EAP_TTLS:
                         /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
author	Martin Willi <martin@revosec.ch>
	Thu, 30 Aug 2012 09:13:02 +0000 (11:13 +0200)
committer	Martin Willi <martin@revosec.ch>
	Wed, 12 Sep 2012 11:19:52 +0000 (13:19 +0200)