EAP TLS - Hostapd
Satya Prakash Prasad
satyaprakash.developer.unix at gmail.com
Wed Apr 10 17:59:54 PDT 2024
Hi,
Many thanks to Glenn and others for providing information.
As I understand then after the successful authentication the
supplicant is then allowed into the network. I was assuming that the
device will send a request like to read / write to a file - If my
understanding is now correct please confirm who will validate each
time that after successful authentication for supplicant
authentication has been done.
Please do provide some information as to what happens after the
supplicant successful authentication, specifically how each time the
supplicant is verified as a verified device.
Regards,
Prakash
On Thu, Apr 11, 2024 at 4:34 AM Glenn Strauss
<gs-lists-hostap at gluelogic.com> wrote:
>
> On Wed, Apr 10, 2024 at 01:55:47PM -0400, Alan DeKok wrote:
> > On Apr 10, 2024, at 12:11 PM, Satya Prakash Prasad <satyaprakash.developer.unix at gmail.com> wrote:
> > > Many thanks for the information as provided. Yes we are trying data
> > > in-between server and peer after the secure connection is
> > > established.
> >
> > This is more of a protocol question than a hostap question.
> >
> > EAP-TLS does not support sending data inside of the TLS tunnel.
> >
> > You might be able to send some data inside of a TTLS tunnel, but that is very limited. EAP-TLS, TTLS, etc. are not designed as general-purpose transport protocols.
> >
> > Perhaps you could describe what data you need to send, and why.
> >
> > Alan DeKok.
>
> Satya has not previously written *anything* with hostap code,
> and has not previously written *anything* with mbedtls.
>
> Satya is an undergraduate student and their questions appear to
> be part of a group project.
>
> > On Wed, Mar 27, 2024 at 09:35:15PM +0530, Satya Prakash Prasad wrote:
> > > I am an IT student doing this project to gain knowledge and experience on
> > > Arduino Arm board.
>
> **
> ** Please do continue to help them if you like!
> **
>
> After sending a personal email to me, I asked for more info.
> Satya provided this:
>
> > On Tue, Mar 26, 2024 at 19:45:35PM +0530, Satya Prakash Prasad wrote:
> > We are building EAP functionality / feature using MBedTLS into our embedded
> > device so there is no concept of process - it's just FreeRTOS running in it.
> > Our device will act as a peer / client device where any authorized
> > supplicant / other device can connect to access our device information.
> >
> > So we are running EAP as in a thread and on a connection we need to
> > authorize the connection to allow access to our device parameters.
>
> Whether naivety or not, I felt they displayed little respect for the
> **time** of the professionals to which the questions have been sent.
> (Case in point, I am providing the context to this thread, which they
> failed to do, even after having failed to do the same when contacting
> me privately two weeks ago.)
>
> After I pointed Satya to tls_init() description in
> hostap/src/crypto/tls.h:
>
> > > > On Wed, Mar 27, 2024 at 02:44:14PM +0530, Satya Prakash Prasad wrote:
> > > > > Hi Glenn,
> > > > >
> > > > > Many thanks for your prompt reply and indeed this is my first effort in
> > > > > programming with MbedTLS and EAP modules.
> > > > >
> > > > > As rightly stated I am not able to understand the description of the
> > > > > interface for tls_init() and have no relationship with prplfoundation -
> > > > > it's just that for an embedded product being developed as part of
> > > > > undergraduate program project we are planning to integrate EAP TLS
> > > > > functionality using third party's code available.
> > > > >
> > > > > Hence I also do not have much idea on mbedtls_ssl_context either but need
> > > > > to self educate on the same. Can you please help us how to start and
> > > > > understand each API description / implementation?
> > > > >
> > > > > Please guide us accordingly.
> > > > >
> > > > > Thanks in advance and please let me know in case of any issues or concerns.
> > > > >
> > > > > Regards,
> > > > > Prakash