authorJouni Malinen <j@w1.fi>2019-07-12 20:38:05 (GMT)
committerJouni Malinen <j@w1.fi>2019-07-12 20:38:05 (GMT)
commit4e2e1eeb5f9d4e2c46b74241e7b267d09c995247 (patch)
tree56308187b7a7c22a71fcd203ffc1c25fdb57b3d2
parent0ef509f15e1101afebeb7a3b40b5e04c270c43db (diff)
EAP-TLS peer: Handle possible application data at the end
EAP-TLS with TLS 1.3 uses an empty application data record from the server to indicate end of the exchange, so EAP-TLS peer will need to check for this special case and finish the exchange with an empty EAP-TLS (ACK) so that the server can send out EAP-Success. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/eap_peer/eap_tls.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index b7e76d9..15d60d7 100644
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -296,6 +296,18 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
return NULL;
}
+ if (res == 2) {
+ /* Application data included in the handshake message (used by
+ * EAP-TLS 1.3 to indicate conclusion of the exchange). */
+ wpa_hexdump_buf(MSG_DEBUG, "EAP-TLS: Received Application Data",
+ resp);
+ wpa_hexdump_buf(MSG_DEBUG, "EAP-TLS: Remaining tls_out data",
+ data->ssl.tls_out);
+ eap_peer_tls_reset_output(&data->ssl);
+ /* Send an ACK to allow the server to complete exchange */
+ res = 1;
+ }
+
if (tls_connection_established(data->ssl_ctx, data->ssl.conn))
eap_tls_success(sm, data, ret);
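Review bot: The `res == 2` branch treats any application data as the end-of-exchange marker: it never checks that `resp` is the empty record the commit message describes, and `eap_peer_tls_reset_output()` drops whatever is left in `data->ssl.tls_out` after only a debug dump. A server that sends a non-empty payload, or sends it before the handshake has completed, is therefore ACKed the same way as a well-behaved one; success is still gated by the `tls_connection_established()` check that follows, so this is presumably a robustness gap rather than an authentication bypass. I would make the unexpected case visible above debug level, e.g. `if (resp && wpabuf_len(resp) > 0) wpa_printf(MSG_INFO, "EAP-TLS: Unexpected non-empty Application Data");`, and consider `wpa_hexdump_buf_key()` for the dump since this is decrypted payload. `eap_tls_process()` starts and continues outside this hunk, so how `resp` is freed after `res = 1` is not visible here.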