From: Martin Willi Date: Mon, 23 Aug 2010 12:22:54 +0000 (+0200) Subject: EAP-TLS clients send an empty packet on failure to properly shut down a TLS session X-Git-Tag: 4.5.0~424 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5ff8c62707530031b0e05345bd496154738542a6;p=thirdparty%2Fstrongswan.git EAP-TLS clients send an empty packet on failure to properly shut down a TLS session --- diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c index fa0babe26f..77458007eb 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls.c +++ b/src/libcharon/plugins/eap_tls/eap_tls.c @@ -382,6 +382,12 @@ METHOD(eap_method_t, process, status_t, { *out = read_buf(this, pkt->identifier); } + else if (status == FAILED && !this->is_server) + { /* client sends an empty TLS message, waits for a EAP-Failure */ + chunk_free(&this->output); + *out = read_buf(this, pkt->identifier); + return NEED_MORE; + } return status; }