Hi Joey:
Could you please provide more details on this find and
how it gets triggered (test scenario, conditions,
example config)? If your find is valid (per feedback
from freeRADIUS authors), then this serious flaw should
be patched asap!
Thanks.

Regards,
Mohammed.

Mohammed H. Petiwala
Senior Staff Engineer
iDEN-WLAN, Motorola Inc.




--- Joey Nix <[EMAIL PROTECTED]> wrote:

> Hi there,
> 
> I've found a bug in the rlm_eap_tls module.
> 
> Which is created by the following commit (CVS):
> File: eap_tls.c
> Revision: 1.178
> Changes since 1.16: +6 -1 lines
> Comment: Try to handle the case where we get an ACK
> after sending the last fragment
> 
> http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/src/modules/rlm_eap/types/rlm_eap_tls/eap_tls.c.diff?r1=1.16&r2=1.17&f=H
> 
> After sending fragments and receiving an ACK message
> it is not per default that Access is granted!
> 
> I think that EAPTLS_SUCCESS must be replaced with
> EAPTLS_REQUEST.
> 
> Test situation:
> Untrusted ROOT CA and Client Certificate installed
> on a laptop with Windows and the default 802.1x
> authentication client, the certificate must be
> bigger than the size of one fragment! And the
> authorize/authentication will loop with access to
> the network.
> 
> Greetings,
> 
> Joey
> 
> 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 



                