From: Jouni Malinen <j@w1.fi>
Date: Sun, 20 Dec 2009 17:11:43 +0000 (+0200)
Subject: Check TLS status on EAP server during handshake
X-Git-Tag: hostap_0_7_1~282
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2574634b7f47ab584ce43f62f67a6fef06bd3b6b;p=thirdparty%2Fhostap.git

Check TLS status on EAP server during handshake

The new TLS wrapper use may end up returning alert data and we need to
make sure here that it does not end up getting interpreted as success
due to non-NULL response.
---

diff --git a/src/eap_server/eap_tls_common.c b/src/eap_server/eap_tls_common.c
index c4c7806ed..7a2c76a26 100644
--- a/src/eap_server/eap_tls_common.c
+++ b/src/eap_server/eap_tls_common.c
@@ -254,6 +254,12 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
 		wpa_printf(MSG_INFO, "SSL: TLS processing failed");
 		return -1;
 	}
+	if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
+		/* TLS processing has failed - return error */
+		wpa_printf(MSG_DEBUG, "SSL: Failed - out_buf available to "
+			   "report error");
+		return -1;
+	}
 
 	return 0;
 }