* [PATCH 2/2] auto-t: allow wildcard phase1 for EAP tests
@ 2022-06-01 16:05 James Prestwood
0 siblings, 0 replies; only message in thread
From: James Prestwood @ 2022-06-01 16:05 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 1099 bytes --]
This allows the EAP tests to pass, but the fix really needs to be in
hostapd itself. Hostapd currently tries to lookup the EAP session
immediately after receiving EAPOL_REAUTH. This uses the identity
it has stored which, in the case of PEAP/TTLS, will always be a phase2
identity. During this initial lookup hostapd hard codes the identity
to be phase1 which is not true for PEAP/TTLS, and the lookup fails.
---
autotests/misc/secrets/eap-user.text | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/autotests/misc/secrets/eap-user.text b/autotests/misc/secrets/eap-user.text
index 6f64b2f8..a34726d4 100644
--- a/autotests/misc/secrets/eap-user.text
+++ b/autotests/misc/secrets/eap-user.text
@@ -20,3 +20,8 @@
"ttls-mschapv2-phase2(a)example.com" TTLS-MSCHAPV2 "Password" [2]
"ttls-pap-phase2(a)example.com" TTLS-PAP "Password" [2]
"112345678(a)phonesim.org" SIM [2]
+
+# TODO: Hostapd is broken with phase1 lookups for reauthentication.
+# Allowing a wildcard phase1 for PEAP/TTLS is a stop gap until
+# hostapd is actually fixed.
+* PEAP,TTLS
--
2.34.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-06-01 16:05 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-06-01 16:05 [PATCH 2/2] auto-t: allow wildcard phase1 for EAP tests James Prestwood
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox