[RFC] supplicant/interworking: Allow EAP-TLS without user specified.
Jouni Malinen
Mon Sep 23 10:53:33 PDT 2013
On Mon, Sep 23, 2013 at 08:58:21AM -0700, Ben Greear wrote:
> In eap_sm_buildIdentity, there is a check for null identity. From what I
> can tell by reading code, it would seem that eap_sm_get_scard_identity
> could populate this automatically and let the EAP response be built properly,
> even when the user does not specify a username in the config file.
>
> I don't actually have any system that supports the pcsc/IMSI logic yet,
> so I can't test it.

That is for EAP-SIM/AKA/AKA', not for EAP-TLS.

> And, would it be worth just using a hard-coded "default-user" string
> for ID in cases where we cannot otherwise determine the ID?

No, EAP-TLS should probably extract the EAP identity from the client
certificate (subjectName or subjectAltName) if no identity is set in the
configuration.

--
Jouni Malinen PGP id EFC895FA