Do not try session resumption after EAP failure
If session resumption fails for any reason, do not try it again because that is just likely to fail. Instead, drop back to using full authentication which may work. This is a workaround for servers that do not like session resumption, but do not know how to fall back to full authentication properly.
This commit is contained in:
Jouni Malinen
parent
c511c8c6e0
commit
f2d8fc3d96
2 changed files with 7 additions and 1 deletions
|
|
@ -134,7 +134,8 @@ SM_STATE(EAP, INITIALIZE)
|
|||
{
|
||||
SM_ENTRY(EAP, INITIALIZE);
|
||||
if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
|
||||
sm->m->has_reauth_data(sm, sm->eap_method_priv)) {
|
||||
sm->m->has_reauth_data(sm, sm->eap_method_priv) &&
|
||||
!sm->prev_failure) {
|
||||
wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
|
||||
"fast reauthentication");
|
||||
sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
|
||||
|
|
@ -165,6 +166,7 @@ SM_STATE(EAP, INITIALIZE)
|
|||
eapol_set_bool(sm, EAPOL_eapResp, FALSE);
|
||||
eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
|
||||
sm->num_rounds = 0;
|
||||
sm->prev_failure = 0;
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -505,6 +507,8 @@ SM_STATE(EAP, FAILURE)
|
|||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
|
||||
"EAP authentication failed");
|
||||
|
||||
sm->prev_failure = 1;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -333,6 +333,8 @@ struct eap_sm {
|
|||
int force_disabled;
|
||||
|
||||
struct wps_context *wps;
|
||||
|
||||
int prev_failure;
|
||||
};
|
||||
|
||||
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
|
||||
|
|
|
|||
Loading…
Reference in a new issue