Only reject nested TLS if the eap method is TLS

author Nick Porter <nick@portercomputing.co.uk>

Wed, 13 Nov 2024 14:26:27 +0000 (14:26 +0000)

committer Nick Porter <nick@portercomputing.co.uk>

Wed, 13 Nov 2024 17:07:47 +0000 (17:07 +0000)
author Nick Porter <nick@portercomputing.co.uk>
Wed, 13 Nov 2024 14:26:27 +0000 (14:26 +0000)
committer Nick Porter <nick@portercomputing.co.uk>
Wed, 13 Nov 2024 17:07:47 +0000 (17:07 +0000)
diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c

index f68982e8e897dfd60ea714546b2008b4040c414c..96e0a6ea4b78414bd3e5a333e1bad5eea7a86caa 100644 (file)
--- a/src/modules/rlm_eap/rlm_eap.c
+++ b/src/modules/rlm_eap/rlm_eap.c
@@ -606,7 +606,7 @@ static unlang_action_t eap_method_select(rlm_rcode_t *p_result, module_ctx_t con
          *      parent.  If the outer session exists, and doesn't have
          *      a home server, then it's multiple layers of tunneling.
          */
-       if (eap_session->request->parent &&
+       if (type->num == FR_EAP_METHOD_TLS && eap_session->request->parent &&
             eap_session->request->parent->parent) {
                 RERROR("Multiple levels of TLS nesting are invalid");
                 goto is_invalid;
author	Nick Porter <nick@portercomputing.co.uk>
	Wed, 13 Nov 2024 14:26:27 +0000 (14:26 +0000)
committer	Nick Porter <nick@portercomputing.co.uk>
	Wed, 13 Nov 2024 17:07:47 +0000 (17:07 +0000)