Clearing session resumption for ownTLS added.

(I have yet to learn how to do this for Schannel. Better yet: how to make Schannel resume a session in the first place.)
Simon Rozman 2016-09-01 14:59:03 +02:00
parent 1e60d21860
commit 56e2448f71
2 changed files with 12 additions and 11 deletions


@ -580,6 +580,8 @@ void eap::method_tls::get_result(
// Mark credentials as failed, so GUI can re-prompt user. // Mark credentials as failed, so GUI can re-prompt user.
// But be careful: do so only if this happened after transition from handshake to application data phase. // But be careful: do so only if this happened after transition from handshake to application data phase.
m_cfg.m_auth_failed = m_phase_prev < phase_application_data && m_phase >= phase_application_data; m_cfg.m_auth_failed = m_phase_prev < phase_application_data && m_phase >= phase_application_data;
// TODO: Research how a Schannel session context can be cleared not to resume.
#endif #endif
// Do not report failure to EapHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt. // Do not report failure to EapHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
@ -1134,11 +1136,7 @@ void eap::method_tls::process_handshake()
}, },
{ 0, SECBUFFER_EMPTY, NULL }, { 0, SECBUFFER_EMPTY, NULL },
}; };
SecBufferDesc buf_in_desc = { SecBufferDesc buf_in_desc = { SECBUFFER_VERSION, _countof(buf_in), buf_in };
SECBUFFER_VERSION,
_countof(buf_in),
buf_in
};
// Prepare output buffer(s). // Prepare output buffer(s).
SecBuffer buf_out[] = { SecBuffer buf_out[] = {
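Review bot: The TODO added before `#endif` in method_tls::get_result means a Schannel build clears no resumption state on what appears to be the failed-authentication path, and the same TODO is repeated in method_ttls::get_result in the other file. The commit message says Schannel is not resuming sessions yet, so the gap is latent, but it will become live without warning once resumption starts working. I would make the comment state the consequence and a lead to check, for example `// TODO: Schannel: session is NOT invalidated after failed auth; check ApplyControlToken() with SCHANNEL_SESSION_TOKEN / SSL_SESSION_DISABLE_RECONNECTS.` That control token is documented for disabling reconnects on a context, but I have not verified it against this code path. get_result begins and ends outside this hunk.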


@ -147,12 +147,15 @@ void eap::method_ttls::get_result(
#endif #endif
method_tls::get_result(EapPeerMethodResultSuccess, ppResult); method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
// Do not report failure to EapHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt. if (reason == EapPeerMethodResultFailure) {
// EapHost is well aware of the failed condition. // Clear session resumption data.
//if (reason == EapPeerMethodResultFailure) { #if EAP_TLS < EAP_TLS_SCHANNEL
// ppResult->fIsSuccess = FALSE; m_cfg.m_session_id.clear();
// ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED; m_cfg.m_master_secret.clear();
//} #else
// TODO: Research how a Schannel session context can be cleared not to resume.
#endif
}
} }
} }
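Review bot: `m_cfg.m_master_secret.clear();` in the new `reason == EapPeerMethodResultFailure` branch should be confirmed to overwrite the key bytes rather than only reset the container to empty; the type of `m_master_secret` is not visible in this hunk. If it is not a self-wiping type, zero its storage with `SecureZeroMemory` before the `clear()` call, so the TLS master secret does not linger in process memory or in a configuration blob that is saved afterwards. Separately, the comment explaining why `method_tls::get_result(EapPeerMethodResultSuccess, ppResult);` reports success even on failure appears to be dropped here; a one-line `// Report success so EapHost saves the updated configuration.` above that call would keep the intent readable. get_result starts outside this hunk.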