jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

pkcs11: Don't ask for a new PIN on TLS handshake failure

Browse source 
The only time the PIN should fail is when we initialize the TLS
connection, so it doesn't really make sense to get rid of the PIN just
because some other part of the handshake failed.

This is a followup to commit fd4fb28179
('OpenSSL: Try to ensure we don't throw away the PIN unnecessarily').

Signed-off-by: Mike Gerow <gerow@google.com>
This commit is contained in:
Mike Gerow 2015-07-06 14:26:57 -07:00 committed by Jouni Malinen
parent 1f560ff08f
commit 471c810bc1
1 changed files with 0 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/eap_peer/eap_tls.c
View file

@ -156,20 +156,6 @@ static struct wpabuf * eap_tls_failure(struct eap_sm *sm,
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
if (res == -1) {
struct eap_peer_config *config = eap_get_config(sm);
if (config) {
/*
* The TLS handshake failed. So better forget the old
* PIN. It may be wrong, we cannot be sure but trying
* the wrong one again might block it on the card--so
* better ask the user again.
*/
os_free(config->pin);
config->pin = NULL;
}
}
if (resp) {
/*
* This is likely an alert message, so send it instead of just