Hello, On Fri, 9 Oct 2020, at 13:22, Jouni Malinen wrote: > > Why would this be needed? As the inner method is EAP-TLS and not a non-EAP method such as MSCHAPv2. If there is an already existing way of doing EAP-TLS inside PEAP then I could not find it in the examples provided with wpa_supplicant, maybe I missed them? > EAP-PEAP inner method is configured with "auth", not "autheap". I do not remember auth=*TLS* working for me when I tried the few months ago when I originally posted this. > The "autheap" special case is needed with > EAP-TTLS where both EAP and non-EAP inner methods are supported. That is > not the case with EAP-PEAP. PEAP supports EAP-TLS as an inner method. I could not get PEAP with EAP-TLS working as an inner method, but I noticed eapol_test/wpa_supplicant does support TTLS/EAP-TLS. I browsed the code, noticed autheap=... being used and cribbed the methodology from there. If I did something wrong, sorry, I tried, I guessed on what needed to be done based on the existing code I saw already in there and it looks like I made a crappy job of it all. Sorry. > Furthermore, the commit message would need to include the Signed-off-by: > line as described in the CONTRIBUTIONS file for me to be able to > consider applying a patch. My bad, I will get that added and reposted. Regards -- Alexander Clouter _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
