3.3.5.4.4 Received Capabilities Method Response

If the currentState variable is set to WAIT_FOR_CAPABILITIES_RESPONSE, then:

  1. If the F flag of the received Capabilities Method Response (section 2.2.8.3.2) packet is set to one and the PEAP server is phase 2 fragmentation-capable, then set isFragmentationAllowed to TRUE, otherwise set isFragmentationAllowed to FALSE.

  2. Validate the Identity stored in the InnerIdentity datum in an implementation-specific manner. If the Identity validation fails, then prepare an EAP TLV Extensions Method packet (section 2.2.8.1) with Result TLV (section 2.2.8.1.2) (with the value field set to 2). Change the currentState datum to FAILURE_TLV_SENT and proceed to step 5.

  3. If isSoHEnabled is set to TRUE, then prepare an SoH EAP Extensions Method (section 2.2.8.2) packet with SoH Request TLV (section 2.2.8.2.1) within it. Change currentState to WAIT_FOR_SOH_RESPONSE and proceed to step 5.

  4. If isSoHEnabled is set to FALSE, then prepare an EAP Request packet with the Type field set to InnerEapType to start the inner EAP method negotiation as described in [RFC3748]. Compress the EAP Request packet as specified in section 3.1.5.6. Change currentState to PHASE2_EAP_INPROGRESS.

  5. Send the packet prepared earlier to the TLS layer for encryption using the EncryptMessage method.

  6. Prepare a PEAP packet by keeping the encrypted data returned by the EncryptMessage method as the Data field of the PEAP packet. Then, send it to the peer (see section 3.1.5.2.2).

If currentState is not set to WAIT_FOR_CAPABILITIES_RESPONSE, then the packet is ignored.
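
The following sketch is an added example, not text from the specification or code from any PEAP implementation. It models the steps above as one state transition to show the order of the checks and that an out-of-state packet changes nothing. The PeapServer class, the fragmentation_capable field, the validate_identity and encrypt_message callables, and the symbolic tuples standing in for packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Any, Callable, Optional, Tuple

Packet = Tuple[str, dict]  # symbolic stand-in for a prepared packet, not a wire format


@dataclass
class PeapServer:
    # Field names follow the data named in this section; the class is hypothetical.
    currentState: str
    InnerIdentity: str
    InnerEapType: int
    isSoHEnabled: bool
    fragmentation_capable: bool  # hypothetical name: server is phase 2 fragmentation-capable
    isFragmentationAllowed: bool = False


def on_capabilities_response(
    srv: PeapServer,
    f_flag: int,
    validate_identity: Callable[[str], bool],   # implementation-specific check (step 2)
    encrypt_message: Callable[[Packet], Any],   # stand-in for the TLS layer's EncryptMessage
) -> Optional[Any]:
    """Return the Data field of the outgoing PEAP packet, or None if the packet is ignored."""
    if srv.currentState != "WAIT_FOR_CAPABILITIES_RESPONSE":
        return None  # ignored: no state change, nothing sent

    # Step 1: fragmentation needs the peer's F flag AND local capability.
    srv.isFragmentationAllowed = (f_flag == 1) and srv.fragmentation_capable

    # Step 2: identity validation runs before any SoH or inner-EAP decision.
    if not validate_identity(srv.InnerIdentity):
        inner: Packet = ("EAP_TLV_EXTENSIONS", {"ResultTLV": 2})
        srv.currentState = "FAILURE_TLV_SENT"
    # Step 3: SoH exchange comes before the inner EAP method when enabled.
    elif srv.isSoHEnabled:
        inner = ("SOH_EAP_EXTENSIONS", {"SoHRequestTLV": True})
        srv.currentState = "WAIT_FOR_SOH_RESPONSE"
    # Step 4: start inner EAP negotiation (compression per section 3.1.5.6 is assumed done).
    else:
        inner = ("EAP_REQUEST_COMPRESSED", {"Type": srv.InnerEapType})
        srv.currentState = "PHASE2_EAP_INPROGRESS"

    # Steps 5 and 6: every branch is encrypted before it becomes the PEAP Data field.
    return encrypt_message(inner)
```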