Problems with EAP-TLS

Christian Scheid cxscheid at gmail.com
Sun Nov 22 16:39:50 EST 2009


Hi Jouni,

thanks for your mail! He He, well, I'm the one who's been trying to write
the glue code. :)

I've based my code on the eap example with peer and server. As you can see
in the attached code I'm forwarding EAP authentication messages to the wpa
supplicant using eap_example_peer_rx and then doing a eap_example_peer_step.
Then I take the response data from eap_get_eapRespData and send it back to
the base station.

Do I need to keep track of the ids being forwarded to wpa supplicant and
suppress duplicate ids? Anything else you would recommend me doing
differently?

Thanks!

 dutch



-----------------------------------------------------------------------------------------
> Attached please find a more detailed trace with hex dumps of the
> received/sent packets. It looks to me that the supplicant is responding to
> id 4 but the server keeps resending the last id. Not sure why. Could it be
a
> timing issue?

Thanks. It looks like there is something quite badly wrong in whatever
is translating these messages between the authentication server and the
EAP peer implementation from wpa_supplicant. Based on the certificate
names, I would assume this is using WiMAX and some kind of translation
of EAP information from there into wpa_supplicant code. This code is not
included in the wpa_supplicant repository nor have I seen it, so I
cannot provide more comments on what could be wrong there.

I would suggest checking the translation glue code between WiMAX and EAP
peer. It seems to be sending most EAP messages multiple times (id=1
once, id=2 twice, id=3 thrice, id=4 at least four times)..

Is the WiMAX glue code that is used here something that is available
under an open source license (or could be released as such)?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20091122/e3651a23/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: EapAuthentication.zip
Type: application/zip
Size: 3723 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20091122/e3651a23/attachment.zip 


More information about the HostAP mailing list