diff options
| author | Jouni Malinen <j@w1.fi> | 2005-05-21 04:16:35 (GMT) |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2005-05-21 04:16:35 (GMT) |
| commit | 90d9d59b3d4b8400cabe985729cd25efc56a16da (patch) | |
| tree | 3fe7cc5d15aaa9d0a937d1fb75e7df03176c4ebe | |
| parent | bee151c946d138b2962dfa59bee554f079a0d6cf (diff) | |
| download | hostap-history-90d9d59b3d4b8400cabe985729cd25efc56a16da.zip hostap-history-90d9d59b3d4b8400cabe985729cd25efc56a16da.tar.gz hostap-history-90d9d59b3d4b8400cabe985729cd25efc56a16da.tar.bz2 | |
Merged from CVS trunk into hostap_0_3_branch:
PatchSet 2601
Date: 2005/05/21 05:12:42
Author: jm
Branch: HEAD
Tag: (none)
Log:
At least one RADIUS server (Aegis v1.1.6; but not v1.1.4) seems to be
terminating PEAPv1 session resumption with outer EAP-Success. This
does not seem to follow draft-josefsson-pppext-eap-tls-eap-05.txt
section 4.2, so only allow this if EAP workarounds are enabled. This
can be disabled with eap_workaround=0.
Members:
wpa_supplicant/ChangeLog:1.153->1.154
wpa_supplicant/eap_peap.c:1.54->1.55
| -rw-r--r-- | wpa_supplicant/ChangeLog | 3 | ||||
| -rw-r--r-- | wpa_supplicant/eap_peap.c | 19 |
2 files changed, 22 insertions, 0 deletions
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog index 5cd8df9..6123efd 100644 --- a/wpa_supplicant/ChangeLog +++ b/wpa_supplicant/ChangeLog @@ -14,6 +14,9 @@ ChangeLog for wpa_supplicant * driver_madwifi: fixed association in plaintext mode * driver_madwifi: added preliminary support for compiling against 'BSD' branch of madwifi CVS tree + * added EAP workaround for PEAPv1 session resumption: allow outer, + i.e., not tunneled, EAP-Success to terminate session since; this can + be disabled with eap_workaround=0 2005-02-13 - v0.3.8 * fixed EAPOL-Key validation to drop packets with invalid Key Data diff --git a/wpa_supplicant/eap_peap.c b/wpa_supplicant/eap_peap.c index 7aaca84..8ca8ab2 100644 --- a/wpa_supplicant/eap_peap.c +++ b/wpa_supplicant/eap_peap.c @@ -732,6 +732,25 @@ static u8 * eap_peap_process(struct eap_sm *sm, void *priv, wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to " "derive key"); } + + if (sm->workaround && data->peap_version == 1 && + data->resuming) { + /* + * At least one RADIUS server (Aegis v1.1.6; + * but not v1.1.4) seems to be terminating + * PEAPv1 session resumption with outer + * EAP-Success. This does not seem to follow + * draft-josefsson-pppext-eap-tls-eap-05.txt + * section 4.2, so only allow this if EAP + * workarounds are enabled. + */ + wpa_printf(MSG_DEBUG, "EAP-PEAP: Workaround - " + "allow outer EAP-Success to " + "terminate PEAPv1 resumption"); + ret->decision = DECISION_COND_SUCC; + data->phase2_success = 1; + } + data->resuming = 0; } } |