From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 14 Jan 2021 17:02:00 +0000 (+0100)
Subject: tls-eap: Conclude EAP method also after processing packets
X-Git-Tag: 5.9.2rc1~23^2~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=083f38259c79ee5d1ac443bbfd0146c1fa03978e;p=thirdparty%2Fstrongswan.git

tls-eap: Conclude EAP method also after processing packets

With TLS 1.3, the server sends its Finished message first, so the
session is complete after processing the client's Finished message,
without having to send anything else (in particular no acknowledgement
as the last message from the client is no fragment).
---

diff --git a/src/libtls/tls_eap.c b/src/libtls/tls_eap.c
index 12d5aed53b..196cf92fee 100644
--- a/src/libtls/tls_eap.c
+++ b/src/libtls/tls_eap.c
@@ -394,6 +394,10 @@ METHOD(tls_eap_t, process, status_t,
 	switch (status)
 	{
 		case INVALID_STATE:
+			if (this->tls->is_complete(this->tls))
+			{
+				return SUCCESS;
+			}
 			*out = create_ack(this);
 			return NEED_MORE;
 		case FAILED: