PEAP supports using EAP-TLS as the inner method (often referred to as PEAP-TLS or PEAP-EAP-TLS in the literature). This patch exposes the hooks that enable this to be configured and used by wpa_supplicant/eapol_test. This patch came about during TLSv1.3 interop testing between FreeRADIUS and Microsoft leading to fixing up support for PEAP-TLS in both FreeRADIUS and this hostap patch. Changes since: v1: included commit message with submission; no code change Signed-off-by: Alexander Clouter <alex@xxxxxxxxxxxxx> --- src/eap_peer/eap_peap.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c index 7c3704369..7bcba4de2 100644 --- a/src/eap_peer/eap_peap.c +++ b/src/eap_peer/eap_peap.c @@ -146,13 +146,29 @@ static void * eap_peap_init(struct eap_sm *sm) if (config && config->phase1) eap_peap_parse_phase1(data, config->phase1); - if (eap_peer_select_phase2_methods(config, "auth=", - &data->phase2_types, - &data->num_phase2_types, 0) < 0) { + if (os_strstr(config->phase2, "auth=") && os_strstr(config->phase2, "autheap=")) { + wpa_printf(MSG_ERROR, + "EAP-PEAP: Both auth= and autheap= params cannot be specified"); eap_peap_deinit(sm, data); return NULL; } + if (os_strstr(config->phase2, "auth=")) { + if (eap_peer_select_phase2_methods(config, "auth=", + &data->phase2_types, + &data->num_phase2_types, 0) < 0) { + eap_peap_deinit(sm, data); + return NULL; + } + } else { + if (eap_peer_select_phase2_methods(config, "autheap=", + &data->phase2_types, + &data->num_phase2_types, 0) < 0) { + eap_peap_deinit(sm, data); + return NULL; + } + } + data->phase2_type.vendor = EAP_VENDOR_IETF; data->phase2_type.method = EAP_TYPE_NONE; -- 2.20.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap