From: Martin Willi <martin@revosec.ch>
Date: Thu, 30 Aug 2012 09:13:02 +0000 (+0200)
Subject: Don't allow NULL encryption with PEAP
X-Git-Tag: 5.0.1~110
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ab2c989c32c32384814d6ff5b5e031b35bd61864;p=thirdparty%2Fstrongswan.git

Don't allow NULL encryption with PEAP
---

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 820ae74de4..725e9b1ca8 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1752,10 +1752,12 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
 	switch (tls->get_purpose(tls))
 	{
 		case TLS_PURPOSE_EAP_TLS:
-		case TLS_PURPOSE_EAP_PEAP:
 			/* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
 			this->msk_label = "client EAP encryption";
 			build_cipher_suite_list(this, FALSE);
+		case TLS_PURPOSE_EAP_PEAP:
+			this->msk_label = "client EAP encryption";
+			build_cipher_suite_list(this, TRUE);
 			break;
 		case TLS_PURPOSE_EAP_TTLS:
 			/* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */