Re: [PATCH v2] PEAP peer: allow autheap for EAP-TLS phase2 support

On Fri, Oct 16, 2020 at 09:31:03AM +0100, Alexander Clouter wrote:
> PEAP supports using EAP-TLS as the inner method (often referred to as
> PEAP-TLS or PEAP-EAP-TLS in the literature). This patch exposes the hooks
> that enable this to be configured and used by wpa_supplicant/eapol_test.

I still do not understand why this would be needed. EAP-TLS as an inner
method for PEAP has been supported for years with the following:

    eap=PEAP
    phase2="auth=TLS"
    ca_cert="ca-for-outer-peap.pem"
    identity="User"
    ca_cert2="ca-for-inner-eap-tls.pem"
    client_cert2="user-cert-for-inner-eap-tls.pem"
    private_key2="user-private-key-for-inner-eap-tls.pem"

Sure, this is different compared to the EAP-TTLS special case, but the
special case is on the EAP-TTLS side (both EAP and non-EAP inner
methods) and not on PEAP (only EAP inner methods).

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
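
The contrast drawn in the reply above, written out as two complete wpa_supplicant.conf network blocks. This is an added example, not part of the original message or the hostap sources; the SSIDs and the TTLS file names are constructed placeholders, and the `autheap=` prefix for EAP inner methods under EAP-TTLS is taken from the wpa_supplicant.conf documentation rather than from this thread.

```conf
# PEAP with EAP-TLS as the inner method.
# PEAP carries only EAP inner methods, so the phase2 prefix is "auth=".
network={
    ssid="example-peap"                # constructed placeholder
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="User"
    # Outer tunnel: CA used to validate the PEAP server certificate.
    ca_cert="ca-for-outer-peap.pem"
    phase2="auth=TLS"
    # Inner EAP-TLS: the "2"-suffixed fields apply to phase 2 only.
    ca_cert2="ca-for-inner-eap-tls.pem"
    client_cert2="user-cert-for-inner-eap-tls.pem"
    private_key2="user-private-key-for-inner-eap-tls.pem"
}

# EAP-TTLS with EAP-TLS as the inner method.
# EAP-TTLS carries both non-EAP inner methods (e.g. "auth=PAP") and EAP
# inner methods; an EAP inner method is selected with "autheap=".
network={
    ssid="example-ttls"                # constructed placeholder
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="User"
    ca_cert="ca-for-outer-ttls.pem"    # constructed placeholder
    phase2="autheap=TLS"
    ca_cert2="ca-for-inner-eap-tls.pem"
    client_cert2="user-cert-for-inner-eap-tls.pem"
    private_key2="user-private-key-for-inner-eap-tls.pem"
}
```

In both blocks `ca_cert` and `ca_cert2` are what bind the outer and inner server certificates to a trusted CA; leaving either out leaves that layer's server certificate unverified.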