[PATCH v2] PEAP peer: allow autheap for EAP-TLS phase2 support
Alexander Clouter
alex at digriz.org.uk
Fri Oct 16 04:31:03 EDT 2020
PEAP supports using EAP-TLS as the inner method (often referred to as
PEAP-TLS or PEAP-EAP-TLS in the literature). This patch exposes the hooks
that enable this to be configured and used by wpa_supplicant/eapol_test.
This patch came about during TLSv1.3 interop testing between FreeRADIUS and
Microsoft leading to fixing up support for PEAP-TLS in both FreeRADIUS and
this hostap patch.
Changes since:
v1: included commit message with submission; no code change
Signed-off-by: Alexander Clouter <alex at digriz.org.uk>
---
src/eap_peer/eap_peap.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 7c3704369..7bcba4de2 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -146,13 +146,29 @@ static void * eap_peap_init(struct eap_sm *sm)
if (config && config->phase1)
eap_peap_parse_phase1(data, config->phase1);
- if (eap_peer_select_phase2_methods(config, "auth=",
- &data->phase2_types,
- &data->num_phase2_types, 0) < 0) {
+ if (os_strstr(config->phase2, "auth=") && os_strstr(config->phase2, "autheap=")) {
+ wpa_printf(MSG_ERROR,
+ "EAP-PEAP: Both auth= and autheap= params cannot be specified");
eap_peap_deinit(sm, data);
return NULL;
}
+ if (os_strstr(config->phase2, "auth=")) {
+ if (eap_peer_select_phase2_methods(config, "auth=",
+ &data->phase2_types,
+ &data->num_phase2_types, 0) < 0) {
+ eap_peap_deinit(sm, data);
+ return NULL;
+ }
+ } else {
+ if (eap_peer_select_phase2_methods(config, "autheap=",
+ &data->phase2_types,
+ &data->num_phase2_types, 0) < 0) {
+ eap_peap_deinit(sm, data);
+ return NULL;
+ }
+ }
+
data->phase2_type.vendor = EAP_VENDOR_IETF;
data->phase2_type.method = EAP_TYPE_NONE;
--
2.20.1
More information about the Hostap
mailing list