mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
EAP-TEAP (client): Allow Phase 2 to be skipped if certificate is used
The EAP-TEAP server may skip Phase 2 if the client authentication could be completed during Phase 1 based on client certificate. Handle this similarly to the case of PAC use. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
9593ce6587
commit
5196293926
@ -1388,6 +1388,15 @@ static int eap_teap_process_decrypted(struct eap_sm *sm,
|
||||
"EAP-TEAP: PAC used - server may decide to skip inner authentication");
|
||||
ret->methodState = METHOD_MAY_CONT;
|
||||
ret->decision = DECISION_COND_SUCC;
|
||||
} else if (data->result_success_done &&
|
||||
tls_connection_get_own_cert_used(data->ssl.conn) &&
|
||||
eap_teap_derive_msk(data) == 0) {
|
||||
/* Assume the server might accept authentication without going
|
||||
* through inner authentication. */
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TEAP: Client certificate used - server may decide to skip inner authentication");
|
||||
ret->methodState = METHOD_MAY_CONT;
|
||||
ret->decision = DECISION_COND_SUCC;
|
||||
}
|
||||
|
||||
if (tlv.pac) {
|
||||
|
Loading…
Reference in New Issue
Block a user