[PATCH] Remove FreeRADIUS workaround from default configuration

Jouni Malinen j
Sat Jul 26 11:28:31 PDT 2014

On Wed, Jul 16, 2014 at 11:01:26AM -0700, Dmitry Shmidt wrote:
> diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
> @@ -501,7 +501,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
> -	if (sm->workaround) {
> +	if (sm->workaround & EAP_WORKAROUND_FREERADIUS) {
>  		/* At least FreeRADIUS seems to be terminating
>  		 * EAP-TTLS/MSHCAPV2 without the expected MS-CHAP-v2 Success
>  		 * packet. */

Thanks, I applied this with the workaround removed here completely
rather than leaving it as an optional workaround based on the
sm->workaround value. This is simpler and there does not seem to be
enough justification for this workaround to exist anymore.

FreeRADIUS changed its behavior in the 1.1.4 release and the older
versions of FreeRADIUS were the only documented case having needed this
workaround.  No one should be using that old version of the server
anymore, so it is fine to just get rid of this wpa_supplicant workaround
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list