From 2574634b7f47ab584ce43f62f67a6fef06bd3b6b Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 20 Dec 2009 19:11:43 +0200 Subject: [PATCH] Check TLS status on EAP server during handshake The new TLS wrapper use may end up returning alert data and we need to make sure here that it does not end up getting interpreted as success due to non-NULL response. --- src/eap_server/eap_tls_common.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/eap_server/eap_tls_common.c b/src/eap_server/eap_tls_common.c index c4c7806ed..7a2c76a26 100644 --- a/src/eap_server/eap_tls_common.c +++ b/src/eap_server/eap_tls_common.c @@ -254,6 +254,12 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data) wpa_printf(MSG_INFO, "SSL: TLS processing failed"); return -1; } + if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) { + /* TLS processing has failed - return error */ + wpa_printf(MSG_DEBUG, "SSL: Failed - out_buf available to " + "report error"); + return -1; + } return 0; }