wpa_supplicant and EAP-TLS

Jouni Malinen jkmaline
Tue Feb 24 20:58:57 PST 2004


On Mon, Feb 23, 2004 at 10:26:22PM -0800, Jouni Malinen wrote:

> The current implementation is still quite experimental, although mostly
> functional. Some parts have not yet been implemented and the
> implementation should not be considered to be secure at this point,
> e.g., due to missing Michael MIC countermeasures (hostapd) and server
> certificate verification (wpa_supplicant).

I fixed couple of bugs in the EAP-TLS code and wpa_supplicant should now
work correctly with it. Server certificate is now verified and
authentication is aborted if validation fails. So far, I have only
tested with FreeRADIUS as the authentication server. If someone happens
to test wpa_supplicant against other authentication servers, I would be
interested in hearing of results.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list