Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS

2010-08-24 08:41:12 +02:00 · 2010-08-24 08:41:12 +02:00 · f55f9c4e1e
parent c5142f110e
commit f55f9c4e1e
1 changed files with 6 additions and 0 deletions
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@ -338,6 +338,12 @@ METHOD(eap_method_t, process, status_t,
 	{
 		*out = read_buf(this, pkt->identifier);
 	}
+	else if (status == FAILED && !this->is_server)
+	{	/* client sends an empty TLS message, waits for a EAP-Failure */
+		chunk_free(&this->output);
+		*out = read_buf(this, pkt->identifier);
+		return NEED_MORE;
+	}
 	return status;
 }