[PATCH] EAP-TTLS: Fix parsing auth= and autheap= Phase2 params

Pali Rohár pali.rohar at gmail.com
Mon Dec 7 00:53:12 PST 2015

On Sunday 06 December 2015 13:47:12 Jouni Malinen wrote:
> Could you please read the top level CONTRIBUTIONS file and resubmit this
> with Signed-off-by: line added so that I can apply the changes?

Ou, sorry, I forgot -s param in git commit... So add my:
Signed-off-by: Pali Rohár <pali.rohar at gmail.com>

> As far as the changes are concerned, would it be more useful to make
> phase2 parsing case insensitive to allow that previously invalid
> auth=MSCHAPv2 case to be parsed in the same way as the valid
> auth=MSCHAPV2 case?

I was thinking about it and it is not good idea. All auth (eap and non
eap) types are case sensitive and upper-case. And consistency here could
be good argument.

Second, this patch does not change documentation, it just fix parsing
code to work as expected. So config file from new version (after
applying this patch) should do same as if it is used by older version
(without this patch). But accepting lower-case MSCHAPv2 would mean that
new and old version would parse that argument differently.

More over, if we accept MSCHAPv2 and parse it as MSCHAPV2 it means that
people could start creating howto/manual on internet and use lowercase
MSCHAPv2. If somebody with older version of wpa supplicant will use that
howto/manual then it will use V1 and not V2!

So I rather do not allow MSCHAPv2 at all. That option was invalid and
due to parser error was mapped to V1. I really do not like idea when
software change meaning of some option when updating to new version.

Pali Rohár
pali.rohar at gmail.com

More information about the Hostap mailing list