Check TLS status on EAP server during handshake

The new TLS wrapper use may end up returning alert data and we need to
make sure here that it does not end up getting interpreted as success
due to non-NULL response.

diff --git a/src/eap_server/eap_tls_common.c b/src/eap_server/eap_tls_common.c
index c4c7806ed8877530449feeaa2f8ba14592135227..7a2c76a26e96d77bbb914a4a971333c3d3323a05 100644 (file)
--- a/src/eap_server/eap_tls_common.c
+++ b/src/eap_server/eap_tls_common.c
@@ -254,6 +254,12 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
                wpa_printf(MSG_INFO, "SSL: TLS processing failed");
                return -1;
        }
+       if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
+               /* TLS processing has failed - return error */
+               wpa_printf(MSG_DEBUG, "SSL: Failed - out_buf available to "
+                          "report error");
+               return -1;
+       }
 
        return 0;
 }