Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 08:48:31 -05:00
Code Issues Projects Releases Wiki Activity

EAP-TEAP (client): Allow Phase 2 to be skipped if certificate is used

Browse Source 
The EAP-TEAP server may skip Phase 2 if the client authentication could
be completed during Phase 1 based on client certificate. Handle this
similarly to the case of PAC use.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-06-20 18:05:46 +03:00
parent 9593ce6587
commit 5196293926
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/eap_peer/eap_teap.c
View File

@ -1388,6 +1388,15 @@ static int eap_teap_process_decrypted(struct eap_sm *sm,
"EAP-TEAP: PAC used - server may decide to skip inner authentication"); "EAP-TEAP: PAC used - server may decide to skip inner authentication");
ret->methodState = METHOD_MAY_CONT; ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_COND_SUCC; ret->decision = DECISION_COND_SUCC;
} else if (data->result_success_done &&
tls_connection_get_own_cert_used(data->ssl.conn) &&
eap_teap_derive_msk(data) == 0) {
/* Assume the server might accept authentication without going
* through inner authentication. */
wpa_printf(MSG_DEBUG,
"EAP-TEAP: Client certificate used - server may decide to skip inner authentication");
ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_COND_SUCC;
} }
if (tlv.pac) { if (tlv.pac) {