AT_NOTIFICATION is missing on the EAP_AKA server (authenticator)
Jouni Malinen
j
Mon Apr 2 20:37:18 PDT 2007
On Mon, Apr 02, 2007 at 07:36:39AM -0700, Gang Lu wrote:
> I am using the hostapd 0.5.7 version code (latest
> stable). However, I can't see anywhere the code tries
> to generate AT_NOTICATION back to the client as
> required by RFC in certain cases. However, the client
> side code (wpa-supplicant) does do that, generating
> AT_NOTICATION back to server upon receing
> AT_NOTIFICATIOn froms erver according to the RFC.
>
> So, I see the client is doing the right thing but the
> server (hostapd) seems missing the implementation to
> generate AT_NOTIFICATION.
Yes, indeed. I do remember not implementing protected result
notification on purpose, but I don't remember why this was left out.
Anyway, I added support for going through the notification round in
error cases before sending out EAP-Failure. I did not go through all
cases in RFC yet, so I may have missed something, but at least most
cases should now be sending out notification and only the notification
response or client error result in EAP-Failure to be sent out. Please
let me know if you notice anything wrong with this. The changes are only
in the 0.6.x development branch (Git tree) for the time being.
Testing this revealed a minor issue in wpa_supplicant, too. It was
discarding notification request after challenge exchange. This is also
fixed in 0.6.x.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list