From: Nick Porter <nick@portercomputing.co.uk>
Date: Fri, 1 Nov 2024 14:59:36 +0000 (+0000)
Subject: Don't check content type if it wasn't set by a received message
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c42cfcfe262cad567a808b5ef3a1dee80cb0681c;p=thirdparty%2Ffreeradius-server.git

Don't check content type if it wasn't set by a received message

This is seen in EAP-TTLS-MSCHAPv2, where the final client -> server
message is an ACK with zero data length.
---

diff --git a/src/lib/eap/tls.c b/src/lib/eap/tls.c
index a3cdfae5d04..261c048e06f 100644
--- a/src/lib/eap/tls.c
+++ b/src/lib/eap/tls.c
@@ -531,6 +531,10 @@ static eap_tls_status_t eap_tls_session_status(request_t *request, eap_session_t
 		 *	to the default section below.
 		 */
 	default:
+		/*
+		 *	If the last message was from us, then the session is established
+		 */
+		if (tls_session->info.origin == 1) return EAP_TLS_ESTABLISHED;
 		REDEBUG("Invalid ACK received: %d", tls_session->info.content_type);
 		return EAP_TLS_INVALID;
 	}