authorJouni Malinen <j@w1.fi>2019-09-01 12:58:10 (GMT)
committerJouni Malinen <j@w1.fi>2019-09-01 14:19:35 (GMT)
commit8d76e0ad7bbffbc6b7a5fb898bbd1f42651101f6 (patch)
tree86e10bd33d965b8dd0e925a29e781644bb1d7e7c /hostapd
parentb99c4cadb7f8f63b3e83b7b67af0d01250f2ad77 (diff)
EAP server: Configurable maximum number of authentication message rounds
Allow the previously hardcoded maximum numbers of EAP message rounds to be configured in hostapd EAP server. This can be used, e.g., to increase the default limits if very large X.509 certificates are used for EAP authentication. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/config_file.c4
-rw-r--r--hostapd/hostapd.conf6
2 files changed, 10 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 4a2f12d..3ffd1ac 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2547,6 +2547,10 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->tls_session_lifetime = atoi(pos);
} else if (os_strcmp(buf, "tls_flags") == 0) {
bss->tls_flags = parse_tls_flags(pos);
+ } else if (os_strcmp(buf, "max_auth_rounds") == 0) {
+ bss->max_auth_rounds = atoi(pos);
+ } else if (os_strcmp(buf, "max_auth_rounds_short") == 0) {
+ bss->max_auth_rounds_short = atoi(pos);
} else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
os_free(bss->ocsp_stapling_response);
bss->ocsp_stapling_response = os_strdup(pos);
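Review bot: The two added branches for `max_auth_rounds` and `max_auth_rounds_short` store `atoi(pos)` unchecked, so a typo, an empty value or a negative number silently becomes 0 or a negative limit. These settings bound how many EAP round trips a not-yet-authenticated peer can consume, so depending on how the EAP server compares against them (not visible in this hunk) a bad value may either reject every authentication or weaken the bound. I would parse into a local and reject non-positive input, e.g. `int val = atoi(pos);` followed by `if (val <= 0) { wpa_printf(MSG_ERROR, "Line %d: invalid max_auth_rounds '%s'", line, pos); return 1; }`, and do the same for the short variant. hostapd_config_fill starts and ends outside the hunk, so the error-return convention should be matched to the neighbouring entries.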
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index b6091a1..6c96a76 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1081,6 +1081,12 @@ eap_server=0
# [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default)
#tls_flags=[flag1][flag2]...
+# Maximum number of EAP message rounds with data (default: 100)
+#max_auth_rounds=100
+
+# Maximum number of short EAP message rounds (default: 50)
+#max_auth_rounds_short=50
+
# Cached OCSP stapling response (DER encoded)
# If set, this file is sent as a certificate status response by the EAP server
# if the EAP peer requests certificate status in the ClientHello message.