DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-TLS server: Send final TLS message for resumed session with TLS 1.3

Browse source 
The final message with NewSessionTicket and ApplicationData(0x00) was
already generated, but that was not sent out due the session considered
to be already completed. Fix this by actually sending out that message
to allow the peer to receive the new session ticket and protected
success indication when using resuming a session with TLS 1.3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2022-05-02 16:19:06 +03:00 committed by Jouni Malinen
parent 81e2498889
commit 1c66276d9a
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/eap_server/eap_server_tls.c
View file

@ -306,6 +306,14 @@ static void eap_tls_process(struct eap_sm *sm, void *priv,
wpa_printf(MSG_DEBUG,
"EAP-TLS: Resuming previous session");
if (data->ssl.tls_v13 && data->ssl.tls_out) {
wpa_hexdump_buf(MSG_DEBUG,
"EAP-TLS: Additional data to be sent for TLS 1.3",
data->ssl.tls_out);
return;
}
eap_tls_state(data, SUCCESS);
tls_connection_set_success_data_resumed(data->ssl.conn);
/* TODO: Cache serial number with session and update EAP user