From 96a97dc9596c615c900b3ffab430d97200a4c3ee Mon Sep 17 00:00:00 2001
From: Tim Kourt
Date: Mon, 11 Nov 2019 16:19:21 -0800
Subject: [PATCH] peap: Adjust V0 not to close tunnel on Success of Phase2

Despite that PEAPv0 spec indicates that TLS tunnel needs to be torn down after the transmission of a secure Result response, some servers treat this TLS close alert as a failure. This patch changes the above behavior to explicitly torn the tunnel only in the case of authentication failure and leave it open after the success.
---
src/eap-peap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/eap-peap.c b/src/eap-peap.c
index c8949ca2..16ab0319 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -182,14 +182,14 @@ static void eap_extensions_handle_request(struct eap_state *eap, eap_peap_phase2_send_response(response, sizeof(response), eap); - eap_tls_common_tunnel_close(eap); - eap_discard_success_and_failure(eap, false); eap_tls_common_set_completed(eap); if (r != EAP_EXTENSIONS_RESULT_SUCCCESS) { eap_tls_common_set_phase2_failed(eap); + eap_tls_common_tunnel_close(eap); + return; }
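Review bot: The deliberate departure from the PEAPv0 spec is recorded only in the commit message, not in the code: with `eap_tls_common_tunnel_close(eap)` now inside the `r != EAP_EXTENSIONS_RESULT_SUCCCESS` branch, a later reader comparing the function with the spec may move the close back and reintroduce the interoperability failure. I would add a comment above the moved call, e.g. `/* Close the tunnel only on failure: some servers treat the TLS close alert sent after a successful Result as an authentication failure. */`. Because the tunnel now stays open on the success path after `eap_tls_common_set_completed(eap)`, it is also worth confirming that tunneled data arriving after completion is ignored and that the TLS session state is released when the method state is freed; neither is visible here. The function body starts and ends outside the hunk, so the success path itself is not shown.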