aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/eap_register.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2012-08-22 19:34:11 (GMT)
committerJouni Malinen <j@w1.fi>2012-08-22 19:34:11 (GMT)
commit065d2895b4693e8c923580dbfa31123297c8bb7d (patch)
tree3af626199a8454ced913214db958bc2910764e23 /wpa_supplicant/eap_register.c
parentd13f9857f8cb7b90e78bf4725f4765f233606eb5 (diff)
downloadhostap-065d2895b4693e8c923580dbfa31123297c8bb7d.zip
hostap-065d2895b4693e8c923580dbfa31123297c8bb7d.tar.gz
hostap-065d2895b4693e8c923580dbfa31123297c8bb7d.tar.bz2
Add UNAUTH-TLS vendor specific EAP type
This EAP type uses a vendor specific expanded EAP header to encapsulate EAP-TLS with a configuration where the EAP server does not authenticate the EAP peer. In other words, this method includes only server authentication. The peer is configured with only the ca_cert parameter (similarly to other TLS-based EAP methods). This method can be used for cases where the network provides free access to anyone, but use of RSN with a securely derived unique PMK for each station is desired. The expanded EAP header uses the hostapd/wpa_supplicant vendor code 39068 and vendor type 1 to identify the UNAUTH-TLS method. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/eap_register.c')
-rw-r--r--wpa_supplicant/eap_register.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/wpa_supplicant/eap_register.c b/wpa_supplicant/eap_register.c
index c220aec..d1eb4ff 100644
--- a/wpa_supplicant/eap_register.c
+++ b/wpa_supplicant/eap_register.c
@@ -35,6 +35,11 @@ int eap_register_methods(void)
ret = eap_peer_tls_register();
#endif /* EAP_TLS */
+#ifdef EAP_UNAUTH_TLS
+ if (ret == 0)
+ ret = eap_peer_unauth_tls_register();
+#endif /* EAP_UNAUTH_TLS */
+
#ifdef EAP_MSCHAPv2
if (ret == 0)
ret = eap_peer_mschapv2_register();
@@ -145,6 +150,11 @@ int eap_register_methods(void)
ret = eap_server_tls_register();
#endif /* EAP_SERVER_TLS */
+#ifdef EAP_SERVER_UNAUTH_TLS
+ if (ret == 0)
+ ret = eap_server_unauth_tls_register();
+#endif /* EAP_SERVER_UNAUTH_TLS */
+
#ifdef EAP_SERVER_MSCHAPV2
if (ret == 0)
ret = eap_server_mschapv2_register();