[PATCH v2] PEAP peer: allow autheap for EAP-TLS phase2 support
Jouni Malinen
j at w1.fi
Sat Feb 20 09:26:42 EST 2021
On Fri, Oct 16, 2020 at 09:31:03AM +0100, Alexander Clouter wrote:
> PEAP supports using EAP-TLS as the inner method (often referred to as
> PEAP-TLS or PEAP-EAP-TLS in the literature). This patch exposes the hooks
> that enable this to be configured and used by wpa_supplicant/eapol_test.
I still do not understand why this would be needed. EAP-TLS as an inner
method for PEAP has been supported for years with the following:
eap=PEAP
phase2="auth=TLS"
ca_cert="ca-for-outer-peap.pem"
identity="User"
ca_cert2="ca-for-inner-eap-tls.pem"
client_cert2="user-cert-for-inner-eap-tls.pem"
private_key2="user-private-key-for-inner-eap-tls.pem"
Sure, this is different compared to the EAP-TTLS special case, but the
special case is on the EAP-TTLS side (both EAP and non-EAP inner
methods) and not on PEAP (only EAP inner methods).
--
Jouni Malinen PGP id EFC895FA
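
Added example, not part of the original message or of the hostap code: a small Python check that reads wpa_supplicant-style network blocks and reports a PEAP block that uses the EAP-TTLS `autheap=` spelling, lacks `ca_cert` for the outer tunnel, or lacks the `*2` parameters for an inner EAP-TLS. The function names, the `network={}` wrapper around the quoted settings and the second block are constructed for illustration, and separate PEM files are assumed as in the message.

```python
import re

# Constructed sample: the settings from the message wrapped in a network
# block, plus a block that uses the EAP-TTLS spelling (autheap=) under PEAP.
SAMPLE_CONF = '''
network={
    eap=PEAP
    phase2="auth=TLS"
    ca_cert="ca-for-outer-peap.pem"
    identity="User"
    ca_cert2="ca-for-inner-eap-tls.pem"
    client_cert2="user-cert-for-inner-eap-tls.pem"
    private_key2="user-private-key-for-inner-eap-tls.pem"
}
network={
    eap=PEAP
    phase2="autheap=TLS"
    client_cert2="user-cert-for-inner-eap-tls.pem"
}
'''

def parse_networks(text):
    """Return one dict of key -> unquoted value per network={...} block."""
    blocks = []
    for body in re.findall(r"network=\{(.*?)^\s*\}", text, re.S | re.M):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        blocks.append(fields)
    return blocks

def lint_peap_tls(net):
    """Findings for one PEAP block (hypothetical checks, PEM files assumed)."""
    if net.get("eap", "").upper() != "PEAP":
        return []
    findings = []
    opts = dict(t.split("=", 1) for t in net.get("phase2", "").split() if "=" in t)
    if "autheap" in opts:
        findings.append("phase2: autheap= is the EAP-TTLS form, PEAP takes auth=")
    if "ca_cert" not in net and "ca_path" not in net:
        findings.append("ca_cert: outer PEAP server certificate is not verified")
    if (opts.get("auth") or opts.get("autheap") or "").upper() == "TLS":
        for key in ("ca_cert2", "client_cert2", "private_key2"):
            if key not in net:
                findings.append(f"{key}: missing for inner EAP-TLS")
    return findings
```

Calling `lint_peap_tls` on each dict from `parse_networks(SAMPLE_CONF)` returns no findings for the first block and four for the second.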