Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Clearing session resumption for ownTLS added.

Browse Source 
(Have yet to learn how do you do this for Schannel. Better yet: How do you make Schannel resume a session in the first place.)
This commit is contained in:
Simon Rozman 2016-09-01 14:59:03 +02:00
parent 1e60d21860
commit 56e2448f71
2 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/TLS/src/Method.cpp
View File

@ -580,6 +580,8 @@ void eap::method_tls::get_result(
// Mark credentials as failed, so GUI can re-prompt user.
// But be careful: do so only if this happened after transition from handshake to application data phase.
m_cfg.m_auth_failed = m_phase_prev < phase_application_data && m_phase >= phase_application_data;
// TODO: Research how a Schannel session context can be cleared not to resume.
#endif
// Do not report failure to EapHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
@ -1134,11 +1136,7 @@ void eap::method_tls::process_handshake()
},
{ 0, SECBUFFER_EMPTY, NULL },
};
SecBufferDesc buf_in_desc = {
SECBUFFER_VERSION,
_countof(buf_in),
buf_in
};
SecBufferDesc buf_in_desc = { SECBUFFER_VERSION, _countof(buf_in), buf_in };
// Prepare output buffer(s).
SecBuffer buf_out[] = {

15
lib/TTLS/src/Method.cpp
View File

@ -147,12 +147,15 @@ void eap::method_ttls::get_result(
#endif
method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
// Do not report failure to EapHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
// EapHost is well aware of the failed condition.
//if (reason == EapPeerMethodResultFailure) {
// ppResult->fIsSuccess = FALSE;
// ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED;
//}
if (reason == EapPeerMethodResultFailure) {
// Clear session resumption data.
#if EAP_TLS < EAP_TLS_SCHANNEL
m_cfg.m_session_id.clear();
m_cfg.m_master_secret.clear();
#else
// TODO: Research how a Schannel session context can be cleared not to resume.
#endif
}
}
}