Fixed EAP-TLS message fragmentation for the last TLS message
It the message was large enough to require fragmentation (e.g., if a large Session Ticket data is included), More Fragment flag was set, but no more fragments were actually sent (i.e., Access-Accept was sent out).
This commit is contained in:
parent
f32fe71a1f
commit
012783f1ab
2 changed files with 21 additions and 8 deletions
|
@ -14,6 +14,9 @@ ChangeLog for hostapd
|
|||
information from CRDA is now used with mac80211); this allows 5 GHz
|
||||
channels to be used with hostapd (if allowed in the current
|
||||
regulatory domain)
|
||||
* fixed EAP-TLS message processing for the last TLS message if it is
|
||||
large enough to require fragmentation (e.g., if a large Session
|
||||
Ticket data is included)
|
||||
|
||||
2008-11-01 - v0.6.5
|
||||
* added support for SHA-256 as X.509 certificate digest when using the
|
||||
|
|
|
@ -26,6 +26,7 @@ static void eap_tls_reset(struct eap_sm *sm, void *priv);
|
|||
struct eap_tls_data {
|
||||
struct eap_ssl_data ssl;
|
||||
enum { START, CONTINUE, SUCCESS, FAILURE } state;
|
||||
int established;
|
||||
};
|
||||
|
||||
|
||||
|
@ -109,25 +110,24 @@ static struct wpabuf * eap_tls_build_start(struct eap_sm *sm,
|
|||
static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||
{
|
||||
struct eap_tls_data *data = priv;
|
||||
|
||||
struct wpabuf *res;
|
||||
|
||||
if (data->ssl.state == FRAG_ACK) {
|
||||
return eap_server_tls_build_ack(id, EAP_TYPE_TLS, 0);
|
||||
}
|
||||
|
||||
if (data->ssl.state == WAIT_FRAG_ACK) {
|
||||
return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TLS, 0,
|
||||
res = eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TLS, 0,
|
||||
id);
|
||||
goto check_established;
|
||||
}
|
||||
|
||||
switch (data->state) {
|
||||
case START:
|
||||
return eap_tls_build_start(sm, data, id);
|
||||
case CONTINUE:
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
|
||||
eap_tls_state(data, SUCCESS);
|
||||
}
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
|
||||
data->established = 1;
|
||||
break;
|
||||
default:
|
||||
wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d",
|
||||
|
@ -135,7 +135,17 @@ static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TLS, 0, id);
|
||||
res = eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TLS, 0, id);
|
||||
|
||||
check_established:
|
||||
if (data->established && data->ssl.state != WAIT_FRAG_ACK) {
|
||||
/* TLS handshake has been completed and there are no more
|
||||
* fragments waiting to be sent out. */
|
||||
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
|
||||
eap_tls_state(data, SUCCESS);
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue