summaryrefslogtreecommitdiffstats
path: root/contrib/hostapd/eap_tls_common.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/hostapd/eap_tls_common.c')
-rw-r--r--contrib/hostapd/eap_tls_common.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/contrib/hostapd/eap_tls_common.c b/contrib/hostapd/eap_tls_common.c
index ca10eca..d573064 100644
--- a/contrib/hostapd/eap_tls_common.c
+++ b/contrib/hostapd/eap_tls_common.c
@@ -38,8 +38,7 @@ int eap_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
return -1;
}
- if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer,
- NULL)) {
+ if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) {
wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
"of TLS peer certificate");
tls_connection_deinit(sm->ssl_ctx, data->conn);
@@ -185,6 +184,13 @@ int eap_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
wpa_printf(MSG_DEBUG, "SSL: No data to be sent out");
free(data->tls_out);
data->tls_out = NULL;
+
+ if (tls_connection_get_read_alerts(sm->ssl_ctx, data->conn)) {
+ wpa_printf(MSG_DEBUG, "SSL: Remote end sent a fatal "
+ "alert - abort handshake");
+ return -1;
+ }
+
return 1;
}
OpenPOWER on IntegriCloud