EAP-TEAP (client): Allow Phase 2 to be skipped if certificate is used
The EAP-TEAP server may skip Phase 2 if the client authentication could be completed during Phase 1 based on client certificate. Handle this similarly to the case of PAC use. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
9593ce6587
commit
5196293926
1 changed files with 9 additions and 0 deletions
|
@ -1388,6 +1388,15 @@ static int eap_teap_process_decrypted(struct eap_sm *sm,
|
||||||
"EAP-TEAP: PAC used - server may decide to skip inner authentication");
|
"EAP-TEAP: PAC used - server may decide to skip inner authentication");
|
||||||
ret->methodState = METHOD_MAY_CONT;
|
ret->methodState = METHOD_MAY_CONT;
|
||||||
ret->decision = DECISION_COND_SUCC;
|
ret->decision = DECISION_COND_SUCC;
|
||||||
|
} else if (data->result_success_done &&
|
||||||
|
tls_connection_get_own_cert_used(data->ssl.conn) &&
|
||||||
|
eap_teap_derive_msk(data) == 0) {
|
||||||
|
/* Assume the server might accept authentication without going
|
||||||
|
* through inner authentication. */
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"EAP-TEAP: Client certificate used - server may decide to skip inner authentication");
|
||||||
|
ret->methodState = METHOD_MAY_CONT;
|
||||||
|
ret->decision = DECISION_COND_SUCC;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tlv.pac) {
|
if (tlv.pac) {
|
||||||
|
|
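Review bot: The new `else if` branch reports `DECISION_COND_SUCC` without any inner method having run, and its only local conditions are `data->result_success_done`, `tls_connection_get_own_cert_used(data->ssl.conn)` and a successful `eap_teap_derive_msk(data)`; nothing in the hunk ties it to the server certificate having been validated in Phase 1 or to a local policy that permits skipping Phase 2. An inner method with mutual authentication would otherwise act as a second check on the server, so on this path the peer relies entirely on Phase 1 server validation (and on the Crypto-Binding check, which presumably happens earlier in `eap_teap_process_decrypted()`, outside the hunk). I would say so in the comment, e.g. `/* Server may skip Phase 2 after client certificate use; server authentication then rests solely on Phase 1 TLS validation. */`. Separately, a failing `eap_teap_derive_msk()` falls through silently here; a `wpa_printf(MSG_DEBUG, "EAP-TEAP: MSK derivation failed - not indicating conditional success");` for that case would make the resulting authentication failure easier to diagnose. The function body starts before and continues past the hunk.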