From: Andreas Steffen Date: Wed, 11 Jul 2012 11:06:36 +0000 (+0200) Subject: PB-TNC Client sends empty CLOSE batch only in DECIDED state X-Git-Tag: 5.0.1~419 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1de4af66d56a92165d3f68b1c122a82f030e7ec0;p=thirdparty%2Fstrongswan.git PB-TNC Client sends empty CLOSE batch only in DECIDED state --- diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c index 206f44650b..c99c2d19be 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20.c +++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c @@ -609,7 +609,7 @@ METHOD(tls_t, build, status_t, state = this->state_machine->get_state(this->state_machine); - if (this->is_server && this->fatal_error && state == PB_STATE_END) + if (this->fatal_error && state == PB_STATE_END) { DBG1(DBG_TNC, "a fatal PB-TNC error occurred, terminating connection"); return FAILED; @@ -629,19 +629,32 @@ METHOD(tls_t, build, status_t, this->request_handshake_retry = FALSE; } - if (this->batch_type == PB_BATCH_NONE && this->is_server && - state == PB_STATE_SERVER_WORKING) + if (this->batch_type == PB_BATCH_NONE) { - if (this->state_machine->get_empty_cdata(this->state_machine) || - this->recs->have_recommendation(this->recs, NULL, NULL)) + if (this->is_server && state == PB_STATE_SERVER_WORKING) { - check_and_build_recommendation(this); + if (this->state_machine->get_empty_cdata(this->state_machine) || + this->recs->have_recommendation(this->recs, NULL, NULL)) + { + check_and_build_recommendation(this); + } + else + { + DBG2(DBG_TNC, "no recommendation available yet, " + "sending empty PB-TNC SDATA batch"); + this->batch_type = PB_BATCH_SDATA; + } } else - { - DBG2(DBG_TNC, "no recommendation available yet, " - "sending empty PB-TNC SDATA batch"); - this->batch_type = PB_BATCH_SDATA; + { + /** + * In the DECIDED state and if no CRETRY is under way, + * a PB-TNC client replies with an empty CLOSE batch. + */ + if (state == PB_STATE_DECIDED) + { + this->batch_type = PB_BATCH_CLOSE; + } } }