blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-10 09:39:10 -04:00
Code Issues Projects Releases Wiki Activity

EAP-TLS peer: Allow NewSessionTicket after Client Finished with TLS v1.3

Browse Source 
The EAP session cannot be marked fully completed on sending Client
Finished with TLS v1.3 since the server may still send NewSessionTicket
before EAP-Success.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-05-01 17:51:34 +03:00 committed by Sarvesh Bodakhe
parent 6a83540ae0
commit 34a8628d4e
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
components/wpa_supplicant/src/eap_peer/eap_tls.c
View File

@ -119,8 +119,15 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
return;
}
ret->methodState = METHOD_DONE;
ret->decision = DECISION_UNCOND_SUCC;
if (data->ssl.tls_v13) {
/* A possible NewSessionTicket may be received before
* EAP-Success, so need to allow it to be received. */
ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_COND_SUCC;
} else {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_UNCOND_SUCC;
}
os_free(data->key_data);
data->key_data = eap_peer_tls_derive_key(sm, &data->ssl,