The new TLS wrapper use may end up returning alert data and we need to make sure here that it does not end up getting interpreted as success due to non-NULL response.
@@ -254,6 +254,12 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
wpa_printf(MSG_INFO, "SSL: TLS processing failed");
return -1;
}
+ if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
+ /* TLS processing has failed - return error */
+ wpa_printf(MSG_DEBUG, "SSL: Failed - out_buf available to "
+ "report error");
+ return -1;
+ }
return 0;
Jouni Malinen