authorJouni Malinen <jouni.malinen@atheros.com>2008-11-20 10:49:34 (GMT)
committerJouni Malinen <j@w1.fi>2008-11-20 10:49:34 (GMT)
commitc31a11c962388d5e07780c16a0725447e8bad0cd (patch)
tree29ae1fca2197961625d4ac8cec9a44a7233344aa
parentbd1d13c199a51f4a1a31ec164e9cef3ed5237d88 (diff)
Changed PEAPv0 cryptobinding to be disabled by default
There are some interoperability issues with Windows Server 2008 NPS, so better disable cryptobinding use by default for now.
-rw-r--r--src/eap_peer/eap_config.h4
-rw-r--r--src/eap_peer/eap_peap.c2
-rw-r--r--wpa_supplicant/wpa_supplicant.conf4
3 files changed, 5 insertions, 5 deletions
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index bd526ff..f6126bb 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -353,8 +353,8 @@ struct eap_peer_config {
*
* crypto_binding option can be used to control PEAPv0 cryptobinding
* behavior:
- * 0 = do not use cryptobinding
- * 1 = use cryptobinding if server supports it (default)
+ * 0 = do not use cryptobinding (default)
+ * 1 = use cryptobinding if server supports it
* 2 = require cryptobinding
*/
char *phase1;
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 3af888c..a350448 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -140,7 +140,7 @@ static void * eap_peap_init(struct eap_sm *sm)
data->peap_version = EAP_PEAP_VERSION;
data->force_peap_version = -1;
data->peap_outer_success = 2;
- data->crypto_binding = OPTIONAL_BINDING;
+ data->crypto_binding = NO_BINDING;
if (config && config->phase1 &&
eap_peap_parse_phase1(data, config->phase1) < 0) {
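Review bot: The new default `data->crypto_binding = NO_BINDING;` in eap_peap_init() turns PEAPv0 cryptobinding off for every network whose phase1 string does not set crypto_binding, and nothing at the assignment records why. Cryptobinding ties the inner authentication to the outer TLS tunnel, so with this default the peer no longer uses that check even against servers that support it. I would add a comment on the line, for example `/* Off by default: interop issues with Windows Server 2008 NPS; set crypto_binding=1 or 2 in phase1 to enable */`. The option text in eap_config.h and wpa_supplicant.conf should carry the same caveat, so that users know to opt in where the server supports it. eap_peap_init() begins and continues outside this hunk, so any logging of the effective setting cannot be judged from here.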
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 44dc3a1..dd4f579 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -394,8 +394,8 @@ fast_reauth=1
# protected result indication.
# 'crypto_binding' option can be used to control PEAPv0 cryptobinding
# behavior:
-# * 0 = do not use cryptobinding
-# * 1 = use cryptobinding if server supports it (default)
+# * 0 = do not use cryptobinding (default)
+# * 1 = use cryptobinding if server supports it
# * 2 = require cryptobinding
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or