Hello,

Any thoughts on this patch?

Last time there was a question of if there was any need for it, but no one could explain how to do PEAP with the inner method EAP-TLS with wpa_supplicant/eapol_test otherwise.

Though PEAP with EAP-TLS is somewhat pointless since Microsoft killed SoH[1] in Windows 10, some users of FreeRADIUS still wish to use it.

Regards
Alex

[1] https://docs.microsoft.com/en-us/windows/win32/nap/network-access-protection-start-page

On Fri, 16 Oct 2020, at 09:31, Alexander Clouter wrote:
> PEAP supports using EAP-TLS as the inner method (often referred to as
> PEAP-TLS or PEAP-EAP-TLS in the literature). This patch exposes the hooks
> that enable this to be configured and used by wpa_supplicant/eapol_test.
>
> This patch came about during TLSv1.3 interop testing between FreeRADIUS and
> Microsoft leading to fixing up support for PEAP-TLS in both FreeRADIUS and
> this hostap patch.
>
> Changes since:
> v1: included commit message with submission; no code change
>
> Signed-off-by: Alexander Clouter <alex@xxxxxxxxxxxxx>
>
> --- > src/eap_peer/eap_peap.c | 22 +++++++++++++++++++--- > 1 file changed, 19 insertions(+), 3 deletions(-) > > diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c > index 7c3704369..7bcba4de2 100644 > --- a/src/eap_peer/eap_peap.c > +++ b/src/eap_peer/eap_peap.c
> @@ -146,13 +146,29 @@ static void * eap_peap_init(struct eap_sm *sm) > if (config && config->phase1) > eap_peap_parse_phase1(data, config->phase1); > > - if (eap_peer_select_phase2_methods(config, "auth=", > - &data->phase2_types, > - &data->num_phase2_types, 0) < 0) { > + if (os_strstr(config->phase2, "auth=") && os_strstr(config->phase2, > "autheap=")) { > + wpa_printf(MSG_ERROR, > + "EAP-PEAP: Both auth= and autheap= params cannot be specified"); > eap_peap_deinit(sm, data); > return NULL; > } > > + if (os_strstr(config->phase2, "auth=")) { > + if (eap_peer_select_phase2_methods(config, "auth=", > + &data->phase2_types, > + &data->num_phase2_types, 0) < 0) { > + eap_peap_deinit(sm, data); > + return NULL; > + } > + } else { > + if (eap_peer_select_phase2_methods(config, "autheap=", > + &data->phase2_types, > + &data->num_phase2_types, 0) < 0) { > + eap_peap_deinit(sm, data); > + return NULL; > + } > + } > + > data->phase2_type.vendor = EAP_VENDOR_IETF; > data->phase2_type.method = EAP_TYPE_NONE; > > -- > 2.20.1 > > -- Alexander Clouter
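
Review bot: The added os_strstr(config->phase2, ...) calls in eap_peap_init() dereference config without the NULL check used by the unchanged line just above them (if (config && config->phase1)), and they hand config->phase2 to os_strstr() with no check that a phase2 string is set at all. The removed code passed config straight to eap_peer_select_phase2_methods() and never touched config->phase2 itself, so this is a new dereference on the init path. Take a local such as const char *p2 = config ? config->phase2 : NULL; and only search it when p2 is non-NULL. The two new branches differ only in the prefix string, so picking the prefix first ("auth=" or "autheap=") and calling eap_peer_select_phase2_methods() once would remove the duplicated deinit/return path. The diffstat lists only eap_peap.c, so the autheap= option for PEAP and the rule that it cannot be combined with auth= still need to be documented for users.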