Re: EAP TLS - Hostapd

Hi,

Many thanks to Glenn and others for providing information.

As I understand it, after the successful authentication the
supplicant is then allowed into the network. I was assuming that the
device will send a request like to read / write to a file - If my
understanding is now correct please confirm who will validate each
time that after successful authentication for supplicant
authentication has been done.

Please do provide some information as to what happens after the
supplicant's successful authentication, specifically how each time the
supplicant is verified as a verified device.

Regards,
Prakash

On Thu, Apr 11, 2024 at 4:34 AM Glenn Strauss
<gs-lists-hostap@xxxxxxxxxxxxx> wrote:
>
> On Wed, Apr 10, 2024 at 01:55:47PM -0400, Alan DeKok wrote:
> > On Apr 10, 2024, at 12:11 PM, Satya Prakash Prasad <satyaprakash.developer.unix@xxxxxxxxx> wrote:
> > > Many thanks for the information as provided. Yes we are trying data
> > > in-between server and peer after the secure connection is
> > > established.
> >
> >   This is more of a protocol question than a hostap question.
> >
> >   EAP-TLS does not support sending data inside of the TLS tunnel.
> >
> >   You might be able to send some data inside of a TTLS tunnel, but that is very limited.  EAP-TLS, TTLS, etc. are not designed as general-purpose transport protocols.
> >
> >   Perhaps you could describe what data you need to send, and why.
> >
> >   Alan DeKok.
>
> Satya has not previously written *anything* with hostap code,
> and has not previously written *anything* with mbedtls.
>
> Satya is an undergraduate student and their questions appear to
> be part of a group project.
>
> > On Wed, Mar 27, 2024 at 09:35:15PM +0530, Satya Prakash Prasad wrote:
> > > I am an IT student doing this project to gain knowledge and experience on
> > > Arduino Arm board.
>
> **
> ** Please do continue to help them if you like!
> **
>
> After sending a personal email to me, I asked for more info.
> Satya provided this:
>
> > On Tue, Mar 26, 2024 at 19:45:35PM +0530, Satya Prakash Prasad wrote:
> > We are building EAP functionality / feature using MBedTLS into our embedded
> > device so there is no concept of process - it's just FreeRTOS running in it
> > Our device will act as a peer / client device where any authorized
> > supplicant / other device can connect to access our device information.
> >
> > So we are running EAP as in a thread and on a connection we need to
> > authorize the connection to allow access to our device parameters.
>
> Whether naivety or not, I felt they displayed little respect for the
> **time** of the professionals to which the questions have been sent.
> (Case in point, I am providing the context to this thread, which they
> failed to do, even after having failed to do the same when contacting
> me privately two weeks ago.)
>
> After I pointed Satya to tls_init() description in
> hostap/src/crypto/tls.h:
>
> > > > On Wed, Mar 27, 2024 at 02:44:14PM +0530, Satya Prakash Prasad wrote:
> > > > > Hi Glenn,
> > > > >
> > > > > Many thanks for your prompt reply and indeed this is my first effort in
> > > > > programming with MbedTLS and EAP modules.
> > > > >
> > > > > As rightly stated I am not able to understand the description of the
> > > > > interface for tls_init() and have no relationship with prplfoundation -
> > > > > it's just that for an embedded product being developed as part of
> > > > > undergraduate program project we are planning to integrate EAP TLS
> > > > > functionality using third party's code available.
> > > > >
> > > > > Hence I also do not have much idea on mbedtls_ssl_context either but need
> > > > > to self educate on the same. Can you please help us how to start and
> > > > > understand each API description / implementation?
> > > > >
> > > > > Please guide us accordingly.
> > > > >
> > > > > Thanks in advance and please let me know in case of any issues or concerns.
> > > > >
> > > > > Regards,
> > > > > Prakash

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



