Should EAP-TTLS only allow IETF phase 2 methods ?

Jouni Malinen j at
Mon Sep 9 05:49:35 PDT 2019

On Fri, Aug 09, 2019 at 06:45:38PM +0200, Olivier Roberdet wrote:
> In eap_server_ttls.c, line 837, the eap_server_get_eap_method() is
> called with the EAP_VENDOR_IETF constant passed as the vendor ID. I am
> wondering why the vendor ID has to be this one and not the one of the
> EAP Type that is being used. How would one use a custom EAP method for
> phase2 ?

There is no vendor specific authentication method other than a dummy one
for testing purposes in hostap.git, so there has not been much of a need
for such capability. Anyway, there is now support for vendor specific
EAP methods in Phase 2 of EAP-TTLS/PEAP/FAST/TEAP in the development
repository snapshot.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list