Ignore callbacks for pseudo content types. Fixes EAP-TTLS MSCHAPv2 (and possibly...

diff --git a/src/main/cb.c b/src/main/cb.c
index 2f38f772bf5502c508f3c42e1aa092285a3b96c4..f6880a2faa6b3e2ca31b93cf1ed4ebeabf35e95a 100644 (file)
--- a/src/main/cb.c
+++ b/src/main/cb.c
@@ -82,12 +82,27 @@ void cbtls_msg(int write_p, int msg_version, int content_type,
        uint8_t const *buf = inbuf;
        tls_session_t *state = (tls_session_t *)arg;
 
+       /*
+        *      OpenSSL 1.0.2 calls this function with 'pseudo'
+        *      content types.  Which breaks our tracking of
+        *      the SSL Session state.
+        */
+       if ((msg_version == 0) && (content_type > UINT8_MAX)) {
+               DEBUG4("Ignoring cbtls_msg call with pseudo content type %i, version %i",
+                      content_type, msg_version);
+               return;
+       }
+
        /*
         *      Work around bug #298, where we may be called with a NULL
         *      argument.  We should really log a serious error
         */
        if (!state) return;
 
+       /*
+        *      0 - received (from peer)
+        *      1 - sending (to peer)
+        */
        state->info.origin = write_p;
        state->info.content_type = content_type;
        state->info.record_len = len;