Commit Graph

4 Commits

Author SHA1 Message Date
Carolin Latze
98842d51ec Separate OpenSSL engine configuration for Phase 2
I fixed the engine issue in phase2 of EAP-TTLS. The problem was that you
only defined one engine variable, which was read already in phase1. I
defined some new variables:

engine2
engine2_id
pin2

and added support to read those in phase2 wheres all the engine
variables without number are only read in phase1. That solved it and I
am now able to use an engine also in EAP-TTLS phase2.
2008-11-18 16:53:32 +02:00
Jouni Malinen
ef626b4d50 Added a workaround for handling TLS compression
Even though we try to disable TLS compression, it is possible that this
cannot be done with all TLS libraries. For example, OpenSSL 0.9.8 does not
seem to have a configuration item for disabling all compression (0.9.9 has
such an option). If compression is used, Phase 2 decryption may end up
producing more data than the input buffer due to compressed data. This
shows up especially with EAP-TNC that uses very compressible data format.

As a workaround, increase the decryption buffer length to (orig_len+500)*3.
This is a hack, but at least it handles most cases. TLS compression should
really be disabled for EAP use of TLS, but since this can show up with
common setups, it is better to handle this case.
2008-05-26 12:33:04 +03:00
David Smith
d1f73353bc Add support to eap_peer for client cert and CA cert on smartcard and in
phase2 auth.
2008-05-23 10:52:49 +03:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00