aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2011-09-25 18:28:32 (GMT)
committerJouni Malinen <j@w1.fi>2011-09-25 18:28:32 (GMT)
commitfd2f2d0489635d590930bc0945fbc438ba1387e2 (patch)
treefa39088a3efac0481c464609b2371ed3fe0ded4a /hostapd
parente655e1f5120cd9853387d03dd894cd05afe61fd5 (diff)
downloadhostap-fd2f2d0489635d590930bc0945fbc438ba1387e2.zip
hostap-fd2f2d0489635d590930bc0945fbc438ba1387e2.tar.gz
hostap-fd2f2d0489635d590930bc0945fbc438ba1387e2.tar.bz2
Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired years ago and it does not seem likely that EAP-TTLSv1 would be deployed. The implementation in hostapd/wpa_supplicant was not complete and not fully tested. In addition, the TLS/IA functionality was only available when GnuTLS was used. Since GnuTLS removed this functionality in 3.0.0, there is no available TLS/IA implementation in the latest version of any supported TLS library. Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted complexity from hostapd and wpa_supplicant. In addition, this removes any potential use of the GnuTLS extra library.
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/Makefile4
-rw-r--r--hostapd/defconfig10
2 files changed, 1 insertions, 13 deletions
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 047961e..8e8c8c0 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -456,10 +456,6 @@ ifeq ($(CONFIG_TLS), gnutls)
ifdef TLS_FUNCS
OBJS += ../src/crypto/tls_gnutls.o
LIBS += -lgnutls -lgpg-error
-ifdef CONFIG_GNUTLS_EXTRA
-CFLAGS += -DCONFIG_GNUTLS_EXTRA
-LIBS += -lgnutls-extra
-endif
endif
OBJS += ../src/crypto/crypto_gnutls.o
HOBJS += ../src/crypto/crypto_gnutls.o
diff --git a/hostapd/defconfig b/hostapd/defconfig
index d9b4b6d..97af2d3 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -211,19 +211,11 @@ CONFIG_IPV6=y
# Select TLS implementation
# openssl = OpenSSL (default)
-# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
+# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# none = Empty template
#CONFIG_TLS=openssl
-# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
-# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
-# even though the core GnuTLS library is released under LGPL, this extra
-# library uses GPL and as such, the terms of GPL apply to the combination
-# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
-# apply for distribution of the resulting binary.
-#CONFIG_GNUTLS_EXTRA=y
-
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.