aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer/eap_fast.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2012-08-17 19:26:28 (GMT)
committerJouni Malinen <j@w1.fi>2012-08-17 19:26:28 (GMT)
commitc22075e144f6a7928ec987d58f680a311ff7d853 (patch)
tree6014715e3d5e2d7f37b40d57bc2272d949e9be04 /src/eap_peer/eap_fast.c
parentf210493b6e82cd1aca6e4be3aec8e0e0b80a7cf8 (diff)
downloadhostap-c22075e144f6a7928ec987d58f680a311ff7d853.zip
hostap-c22075e144f6a7928ec987d58f680a311ff7d853.tar.gz
hostap-c22075e144f6a7928ec987d58f680a311ff7d853.tar.bz2
Disable TLS Session Ticket extension by default for EAP-TLS/PEAP/TTLS
Some deployed authentication servers seem to be unable to handle the TLS Session Ticket extension (they are supposed to ignore unrecognized TLS extensions, but end up rejecting the ClientHello instead). As a workaround, disable use of TLS Sesson Ticket extension for EAP-TLS, EAP-PEAP, and EAP-TTLS (EAP-FAST uses session ticket, so any server that supports EAP-FAST does not need this workaround). Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_peer/eap_fast.c')
-rw-r--r--src/eap_peer/eap_fast.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index 31d9f7c..7ca5288 100644
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -169,7 +169,7 @@ static void * eap_fast_init(struct eap_sm *sm)
data->phase2_type.vendor = EAP_VENDOR_IETF;
data->phase2_type.method = EAP_TYPE_NONE;
- if (eap_peer_tls_ssl_init(sm, &data->ssl, config)) {
+ if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_FAST)) {
wpa_printf(MSG_INFO, "EAP-FAST: Failed to initialize SSL.");
eap_fast_deinit(sm, data);
return NULL;