From: Martin Willi <martin@revosec.ch>
Date: Tue, 24 Aug 2010 06:41:12 +0000 (+0200)
Subject: Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS
X-Git-Tag: 4.5.0~419
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f55f9c4e1ed1b0cfdd9e0ae75b4b76ec22ff80b4;p=thirdparty%2Fstrongswan.git

Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS
---

diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index d7372fe760..35a529091c 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -338,6 +338,12 @@ METHOD(eap_method_t, process, status_t,
 	{
 		*out = read_buf(this, pkt->identifier);
 	}
+	else if (status == FAILED && !this->is_server)
+	{	/* client sends an empty TLS message, waits for a EAP-Failure */
+		chunk_free(&this->output);
+		*out = read_buf(this, pkt->identifier);
+		return NEED_MORE;
+	}
 	return status;
 }