EAP-TLS peer: Fix protected success indication check for resumed session

The internal flag prot_success_received was not cleared between the
sessions and that resulted in the resumed session not mandating the
protected success indication to be received. Fix this by clearing the
internal flag so that the EAP-TLS handshake using session resumption
with TLS 1.3 takes care of the required check before marking the
authentication successfully completed. This will make the EAP-TLS peer
reject an EAP-Success message should it be received without the
protected success indication.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen 2022-05-02 16:23:20 +03:00 committed by Jouni Malinen
parent 1c66276d9a
commit 2be1bcaf74


@ -341,6 +341,7 @@ static void eap_tls_deinit_for_reauth(struct eap_sm *sm, void *priv)
wpabuf_free(data->pending_resp);
data->pending_resp = NULL;
data->prot_success_received = false;
}
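Review bot: The reset `data->prot_success_received = false;` at the end of eap_tls_deinit_for_reauth() has no comment, although per the commit message it is what makes a resumed TLS 1.3 session require the protected success indication again. Suggest a one-line comment stating that the flag is per-session state and must be re-established on every handshake, resumption included, so a later refactor of this function does not drop it. Only pending_resp and this flag are visibly reset in this hunk, so it is worth confirming that no other per-session field in data can carry over into a reauthentication in the same way. A regression test in which a resumed session receives EAP-Success without the protected success indication, and the peer rejects it, would lock the fix in.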