Edited a comment

a5cd3559 · Robert Dubner · 4953c400 · a5cd3559
Commit a5cd3559 authored Oct 16, 2021 by Robert Dubner
--- a/contrib/slapd-modules/radiusov/radius.c
+++ b/contrib/slapd-modules/radiusov/radius.c
@@ -257,13 +257,19 @@ process_eap_message_identity(   RADIUS_INFO *radius_info,

        if(0)
            {
-            // Just in case we need it, someday.  Putting this inside a
-            // if() statement shushes some compiler warnings.
+            // Putting this inside an if() statement shushes 
+            // some compiler warnings.

            // NOTE: At the present time, we can send an MD5 challenge, but
-            // we don't process a valid MD5 response.  For now, I just use
+            // we don't process a valid MD5 response.  I just use
            // this MD5 challenge to stimulate a LEGACY NAK response from the
-            // Linksys WiFi access point I am using for development.
+            // Linksys WiFi access point I am using for development.  That's
+            // because we do want to handle LEGACY NAK.
+            
+            // The point is, we shouldn't send an outer MD5 challenge to
+            // somebody who might respond to it.  First, it's not secure.
+            // Second, as mentioned above, we haven't implemented the server
+            // side of the MD5 challenge!
            build_md5_challenge(&response, request, eap_message, shared_secret);
            }