EAP-TLS clients send an empty packet on failure to properly shut down a TLS session

2010-08-23 14:22:54 +02:00 · 2010-08-23 14:22:54 +02:00 · 5ff8c62707
parent e6f3ef1330
commit 5ff8c62707
1 changed files with 6 additions and 0 deletions
--- a/src/libcharon/plugins/eap_tls/eap_tls.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls.c
@ -382,6 +382,12 @@ METHOD(eap_method_t, process, status_t,
 	{
 		*out = read_buf(this, pkt->identifier);
 	}
+	else if (status == FAILED && !this->is_server)
+	{	/* client sends an empty TLS message, waits for a EAP-Failure */
+		chunk_free(&this->output);
+		*out = read_buf(this, pkt->identifier);
+		return NEED_MORE;
+	}
 	return status;
 }