Mutual TLS authentication in handshake phase of EAP-TTLS

Lewis Adam-VNQM87 VNQM87
Thu Feb 25 03:42:11 PST 2010


Hi,

  apologies if this question has been answered elsewhere - I looked but
couldn't see anything, even in the "Mutual EAP-TTLS Authentication"
thread.

I am currently looking at the eapol_test code to see if I can use it as
a RADIUS client. I have run eapol_test with various EAP-TLS and EAP-TTLS
configuration files, testing successfully with a FreeRADIUS server.
Looking at the EAP-TTLS RFC 5281, I have read the following:

In EAP-TTLS, the TLS authentication may be mutual; or it may be one-way,
in which only the server is authenticated to the client.

My question is, does eapol_test currently allow mutual TLS
authentication for EAP-TTLS? If so, how do I configure it (or the
configuration files) to do so? I believe the tunnelled protocol can also
be TLS but I want to avoid this as I need to have the ability to verify
users rather than the client (e.g. by doing user/password checks).

I'd appreciate any help you can give.

Regards,
Adam Lewis.
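
An added example, not part of the original post and not taken from the hostap project's files: a wpa_supplicant-style network block of the kind eapol_test reads, with a client certificate configured for the outer TLS handshake and PAP user/password authentication inside the tunnel. All paths, identities and passwords are placeholders, and the handshake is only mutual if the RADIUS server is set up to request and verify a client certificate.

```conf
# Constructed example: EAP-TTLS with a client certificate in the TLS
# handshake (phase 1) and user/password (PAP) inside the tunnel (phase 2).
network={
    key_mgmt=IEEE8021X
    eap=TTLS

    # Outer identity sent in the clear before the tunnel exists (placeholder)
    anonymous_identity="anonymous@example.org"

    # Server authentication: CA that signed the RADIUS server certificate
    ca_cert="/path/to/ca.pem"

    # Client authentication in the TLS handshake: the device certificate
    # and its private key (placeholder paths and passphrase)
    client_cert="/path/to/client.pem"
    private_key="/path/to/client.key"
    private_key_passwd="key-passphrase"

    # User authentication carried inside the TLS tunnel
    identity="user@example.org"
    password="user-password"
    phase2="auth=PAP"
}
```

With this layout the certificate identifies the client device during the handshake while the tunnelled PAP exchange identifies the user, which is the split the question asks about.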
