On Nov 18, 2003, at 12:45 PM, Alan DeKok wrote:
Andreas Wolf <[EMAIL PROTECTED]> wrote:
Patch #3 was addressed (I thought) by changes to ttls.c on Nov. 6.
I saw your check-in but I still got an error ("Diameter Attribute overflows packet!"). However, by examining the tunneled attributes the data seemed to be correct. I think 'data_len' needs to be adjusted when the padding (rounding up to the nearest 4 byte boundary) is in effect. I think in this case 'data_len < length' is true.
Ah. The client implementation is broken. They SHOULD have been padding the data structure to a 4 octet boundary.
You are right. The Panther supplicant for 802.1X is currently in violation of section 9.2
of the TTLS spec, though that detail is easy to miss, in my opinion. I am confident it'll
be fixed soon.
I'll add a hack in to the server to deal with this. It's ugly, but not terribly so.
Other servers (incl. the Funk Server, Microsoft IAS and Cisco's ACS) must also be doing this already,
so having this hack is probably not too terrible.
(it's ok to mention commercial servers when talking about hacks, right :)
-Andreas
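
The length check discussed in this message, as an added example that is not part of the original thread and is not FreeRADIUS's ttls.c code: a walker for the Diameter-format AVPs carried inside a TTLS tunnel, where the AVP Length field excludes padding and each AVP is rounded up to a 4-octet boundary. The function name `avp_walk`, the `lenient` flag and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AVP_FLAG_VENDOR 0x80   /* V bit: a 4-octet Vendor-ID follows the header */

/* Walk Diameter-format AVPs from a TTLS tunnel payload.
 * Returns the number of AVPs, or -1 if an attribute overflows the packet.
 * lenient != 0 accepts a final AVP whose trailing pad octets are missing. */
int avp_walk(const uint8_t *buf, size_t len, int lenient)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        size_t remaining = len - off;
        if (remaining < 8) return -1;               /* truncated header */

        const uint8_t *p = buf + off;
        size_t hdr = (p[4] & AVP_FLAG_VENDOR) ? 12 : 8;
        /* 24-bit AVP Length: header plus data, padding NOT included */
        size_t avp_len = ((size_t)p[5] << 16) | ((size_t)p[6] << 8) | p[7];
        if (avp_len < hdr || avp_len > remaining) return -1;

        size_t padded = (avp_len + 3) & ~(size_t)3; /* round up to 4 octets */
        if (padded > remaining) {
            /* Fewer than 4 octets are left, so this can only be the last AVP. */
            if (!lenient) return -1;
            padded = remaining;
        }
        off += padded;
        count++;
    }
    return count;
}

/* Constructed samples: code 1, M flag, AVP Length 11, data "bob". */
static const uint8_t avp_padded[]   = {0,0,0,1, 0x40, 0,0,11, 'b','o','b', 0};
static const uint8_t avp_unpadded[] = {0,0,0,1, 0x40, 0,0,11, 'b','o','b'};

int main(void)
{
    printf("padded, strict:    %d\n", avp_walk(avp_padded, sizeof avp_padded, 0));
    printf("unpadded, strict:  %d\n", avp_walk(avp_unpadded, sizeof avp_unpadded, 0));
    printf("unpadded, lenient: %d\n", avp_walk(avp_unpadded, sizeof avp_unpadded, 1));
    return 0;
}
```

The lenient branch never relaxes the `avp_len > remaining` check, so an AVP whose declared length runs past the packet is still rejected.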
