aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2005-05-21 04:16:35 (GMT)
committerJouni Malinen <j@w1.fi>2005-05-21 04:16:35 (GMT)
commit90d9d59b3d4b8400cabe985729cd25efc56a16da (patch)
tree3fe7cc5d15aaa9d0a937d1fb75e7df03176c4ebe
parentbee151c946d138b2962dfa59bee554f079a0d6cf (diff)
downloadhostap-history-90d9d59b3d4b8400cabe985729cd25efc56a16da.zip
hostap-history-90d9d59b3d4b8400cabe985729cd25efc56a16da.tar.gz
hostap-history-90d9d59b3d4b8400cabe985729cd25efc56a16da.tar.bz2
Merged from CVS trunk into hostap_0_3_branch:
PatchSet 2601 Date: 2005/05/21 05:12:42 Author: jm Branch: HEAD Tag: (none) Log: At least one RADIUS server (Aegis v1.1.6; but not v1.1.4) seems to be terminating PEAPv1 session resumption with outer EAP-Success. This does not seem to follow draft-josefsson-pppext-eap-tls-eap-05.txt section 4.2, so only allow this if EAP workarounds are enabled. This can be disabled with eap_workaround=0. Members: wpa_supplicant/ChangeLog:1.153->1.154 wpa_supplicant/eap_peap.c:1.54->1.55
-rw-r--r--wpa_supplicant/ChangeLog3
-rw-r--r--wpa_supplicant/eap_peap.c19
2 files changed, 22 insertions, 0 deletions
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 5cd8df9..6123efd 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -14,6 +14,9 @@ ChangeLog for wpa_supplicant
* driver_madwifi: fixed association in plaintext mode
* driver_madwifi: added preliminary support for compiling against 'BSD'
branch of madwifi CVS tree
+ * added EAP workaround for PEAPv1 session resumption: allow outer,
+ i.e., not tunneled, EAP-Success to terminate session since; this can
+ be disabled with eap_workaround=0
2005-02-13 - v0.3.8
* fixed EAPOL-Key validation to drop packets with invalid Key Data
diff --git a/wpa_supplicant/eap_peap.c b/wpa_supplicant/eap_peap.c
index 7aaca84..8ca8ab2 100644
--- a/wpa_supplicant/eap_peap.c
+++ b/wpa_supplicant/eap_peap.c
@@ -732,6 +732,25 @@ static u8 * eap_peap_process(struct eap_sm *sm, void *priv,
wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to "
"derive key");
}
+
+ if (sm->workaround && data->peap_version == 1 &&
+ data->resuming) {
+ /*
+ * At least one RADIUS server (Aegis v1.1.6;
+ * but not v1.1.4) seems to be terminating
+ * PEAPv1 session resumption with outer
+ * EAP-Success. This does not seem to follow
+ * draft-josefsson-pppext-eap-tls-eap-05.txt
+ * section 4.2, so only allow this if EAP
+ * workarounds are enabled.
+ */
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Workaround - "
+ "allow outer EAP-Success to "
+ "terminate PEAPv1 resumption");
+ ret->decision = DECISION_COND_SUCC;
+ data->phase2_success = 1;
+ }
+
data->resuming = 0;
}
}