}
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_FAST)) {
wpa_printf(MSG_INFO, "EAP-FAST: Failed to initialize SSL.");
eap_fast_reset(sm, data);
return NULL;
data->state = START;
data->crypto_binding = OPTIONAL_BINDING;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_PEAP)) {
wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL.");
eap_peap_reset(sm, data);
return NULL;
return NULL;
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 1)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 1, EAP_TYPE_TLS)) {
wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
eap_tls_reset(sm, data);
return NULL;
return NULL;
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_UNAUTH_TLS_TYPE)) {
wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
eap_tls_reset(sm, data);
return NULL;
return NULL;
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0,
+ EAP_WFA_UNAUTH_TLS_TYPE)) {
wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
eap_tls_reset(sm, data);
return NULL;
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
- int verify_peer)
+ int verify_peer, int eap_type)
{
unsigned int flags = 0;
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_TLS_INTERNAL */
+ if (eap_type != EAP_TYPE_FAST)
+ flags |= TLS_CONN_DISABLE_SESSION_TICKET;
if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer,
flags, NULL, 0)) {
wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
data->ttls_version = EAP_TTLS_VERSION;
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TTLS)) {
wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
eap_ttls_reset(sm, data);
return NULL;
struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
u8 code, u8 identifier);
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
- int verify_peer);
+ int verify_peer, int eap_type);
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
char *label, size_t len);