Don't allow NULL encryption with PEAP
authorMartin Willi <martin@revosec.ch>
Thu, 30 Aug 2012 09:13:02 +0000 (11:13 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 12 Sep 2012 11:19:52 +0000 (13:19 +0200)
src/libtls/tls_crypto.c

index 820ae74..725e9b1 100644 (file)
@@ -1752,10 +1752,12 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
        switch (tls->get_purpose(tls))
        {
                case TLS_PURPOSE_EAP_TLS:
-               case TLS_PURPOSE_EAP_PEAP:
                        /* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
                        this->msk_label = "client EAP encryption";
                        build_cipher_suite_list(this, FALSE);
+               case TLS_PURPOSE_EAP_PEAP:
+                       this->msk_label = "client EAP encryption";
+                       build_cipher_suite_list(this, TRUE);
                        break;
                case TLS_PURPOSE_EAP_TTLS:
                        /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */