Disable TLS Session Ticket extension by default for EAP-TLS/PEAP/TTLS

Some deployed authentication servers seem to be unable to handle the TLS
Session Ticket extension (they are supposed to ignore unrecognized TLS
extensions, but end up rejecting the ClientHello instead). As a
workaround, disable use of TLS Session Ticket extension for EAP-TLS,
EAP-PEAP, and EAP-TTLS (EAP-FAST uses session ticket, so any server that
supports EAP-FAST does not need this workaround).

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 2012-08-17 22:26:28 +03:00
parent f210493b6e
commit c22075e144
6 changed files with 25 additions and 6 deletions

@ -68,6 +68,11 @@ struct eap_ssl_data {
* ssl_ctx - TLS library context to use for the connection
*/
void *ssl_ctx;
/**
* eap_type - EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST)
*/
u8 eap_type;
};
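Review bot: the doc comment on the new `eap_type` field only says which method it names and not why the struct needs to carry it. Going by the commit message, this value is what separates EAP-FAST (which needs session tickets) from EAP-TLS/PEAP/TTLS (where the extension is now disabled), so the comment should say that the TLS Session Ticket default is derived from it. That way a later reader does not treat the field as informational and stop setting it.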
@ -82,7 +87,7 @@ struct eap_ssl_data {
int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
struct eap_peer_config *config);
struct eap_peer_config *config, u8 eap_type);
void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
const char *label, size_t len);
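Review bot: the new `u8 eap_type` argument to `eap_peer_tls_ssl_init()` is a bare `u8` with no documentation in this hunk, so nothing prevents a caller from passing a value outside EAP_TYPE_TLS/PEAP/TTLS/FAST or one that does not match the method it implements. Because the session ticket behaviour depends on this value, describe the parameter in the function's header comment and consider having the init function reject or log unexpected values rather than silently choosing a default.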