From 2be1bcaf7433a4211028db377b026aa0d4ee063e Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 2 May 2022 16:23:20 +0300
Subject: [PATCH] EAP-TLS peer: Fix protected success indication check for resumed session
The internal flag prot_success_received was not cleared between the sessions and that resulted in the resumed session not mandating the protected success indication to be received. Fix this by clearing the internal flag so that the EAP-TLS handshake using session resumption with TLS 1.3 takes care of the required check before marking the authentication successfully completed. This will make the EAP-TLS peer reject an EAP-Success message should it be received without the protected success indication.
Signed-off-by: Jouni Malinen
---
 src/eap_peer/eap_tls.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index 2d50dd90e..4167e992b 100644
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -341,6 +341,7 @@ static void eap_tls_deinit_for_reauth(struct eap_sm *sm, void *priv)
 wpabuf_free(data->pending_resp);
 data->pending_resp = NULL;
+ data->prot_success_received = false;
 }
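Review bot: The reset added at the end of eap_tls_deinit_for_reauth() has no comment marking it as an authentication check rather than routine cleanup, so a later refactor of this teardown could drop it and a resumed TLS 1.3 session would again accept EAP-Success without the protected success indication. I would add `/* Force the resumed session to require a new protected success indication */` above `data->prot_success_received = false;`. Only this reauth teardown path is visible; whether any other path reuses the same `data` without clearing the flag cannot be told from the hunk, and the function starts outside it. A regression test that resumes a session and delivers EAP-Success with no protected indication would pin the behaviour the commit message describes.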