<HTML><HEAD>
<META http-equiv=Content-Type content='text/html; charset=windows-1252'>
<title>Samsung Enterprise Portal mySingle</title>
<style> P, td, li {font-family:Arial, arial; font-size:9pt; margin-top:5px;margin-bottom:5px;} body{font-family:Arial, arial; font-size:9pt;}</style>
</HEAD><BODY><br><p>Hi,</p>
<p>&nbsp;</p>
<p>I would like to request Moderator to unsubscribe my mail ID from the list.</p>
<p>&nbsp;</p>
<p>Thanks &amp; Regards</p>
<p>Pankaj</p>
<p>&nbsp;</p><br><br>------- <b>Original Message</b> -------<br><b>Sender</b> : Jouni Malinen&lt;j@w1.fi&gt;<br><b>Date</b>   : 2008-10-31 04:04 (GMT+09:00)<br><b>Title</b>  : Re: Problems with EAP-TTLS/EAP-TLS - One Step further<br><br>On&nbsp;Thu,&nbsp;Oct&nbsp;30,&nbsp;2008&nbsp;at&nbsp;03:11:39PM&nbsp;+0100,&nbsp;Carolin&nbsp;Latze&nbsp;wrote:
<br>
<br>&gt;&nbsp;meanwhile&nbsp;I&nbsp;tried&nbsp;several&nbsp;things&nbsp;and&nbsp;didn&#39;t&nbsp;succeed&nbsp;but&nbsp;I&nbsp;have&nbsp;an&nbsp;idea&nbsp;
<br>&gt;&nbsp;what&#39;s&nbsp;going&nbsp;wrong.&nbsp;It&nbsp;seems&nbsp;that&nbsp;the&nbsp;wpa_supplicant&nbsp;only&nbsp;takes&nbsp;the&nbsp;
<br>&gt;&nbsp;engine&nbsp;for&nbsp;the&nbsp;outer&nbsp;authentication.&nbsp;Is&nbsp;that&nbsp;possible?
<br>
<br>Yes,&nbsp;that&nbsp;is&nbsp;quite&nbsp;possible.&nbsp;I&nbsp;have&nbsp;not&nbsp;tested&nbsp;using&nbsp;OpenSSL&nbsp;engine&nbsp;in
<br>phase&nbsp;2.
<br>
<br>&gt;&nbsp;Therefore&nbsp;my&nbsp;question:&nbsp;On&nbsp;the&nbsp;wpa_supplicant&nbsp;homepage&nbsp;I&nbsp;saw&nbsp;that&nbsp;
<br>&gt;&nbsp;EAP-TTLS/EAP-TLS&nbsp;has&nbsp;been&nbsp;tested&nbsp;with&nbsp;FreeRADIUS.&nbsp;Is&nbsp;there&nbsp;a&nbsp;place&nbsp;where&nbsp;
<br>&gt;&nbsp;to&nbsp;download&nbsp;the&nbsp;test&nbsp;configurations?&nbsp;That&nbsp;would&nbsp;be&nbsp;very&nbsp;helpful&nbsp;for&nbsp;me!&nbsp;
<br>&gt;&nbsp;I&nbsp;want&nbsp;to&nbsp;try&nbsp;to&nbsp;use&nbsp;EAP-TTLS/EAP-TLS&nbsp;without&nbsp;engine&nbsp;for&nbsp;a&nbsp;first&nbsp;test&nbsp;
<br>&gt;&nbsp;(take&nbsp;out&nbsp;the&nbsp;complexity&nbsp;in&nbsp;order&nbsp;to&nbsp;understand&nbsp;it&nbsp;:)).&nbsp;I&nbsp;tried&nbsp;it&nbsp;with:
<br>
<br>This&nbsp;worked&nbsp;when&nbsp;I&nbsp;lasted&nbsp;tested&nbsp;it,&nbsp;but&nbsp;I&#39;ve&nbsp;only&nbsp;tested&nbsp;without&nbsp;an
<br>engine&nbsp;and&nbsp;EAP-TLS&nbsp;inside&nbsp;EAP-PEAP&nbsp;or&nbsp;-TTLS&nbsp;has&nbsp;previously&nbsp;been&nbsp;somewhat
<br>of&nbsp;a&nbsp;problem&nbsp;case,&nbsp;so&nbsp;you&nbsp;may&nbsp;need&nbsp;to&nbsp;update&nbsp;FreeRADIUS&nbsp;unless&nbsp;you&nbsp;are
<br>using&nbsp;the&nbsp;latest&nbsp;release.
<br>
<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;eap=TTLS
<br>&gt;&nbsp;
<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;phase2=&quot;autheap=TLS&quot;
<br>&gt;&nbsp;
<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;identity=&quot;10.1.1.5&quot;
<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ca_cert=&quot;/home/latze/cert/cacert.pem&quot;
<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;client_cert2=&quot;/home/latze/cert/basisk_cert.pem&quot;
<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;private_key2=&quot;/home/latze/cert/basisk_key.pem&quot;
<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;private_key2_passwd=&quot;PW&quot;
<br>
<br>I&nbsp;would&nbsp;recommend&nbsp;including&nbsp;ca_cert2&nbsp;here,&nbsp;too,&nbsp;so&nbsp;that&nbsp;wpa_supplicant
<br>will&nbsp;verify&nbsp;server&nbsp;certificate&nbsp;in&nbsp;phase2&nbsp;should&nbsp;the&nbsp;server&nbsp;be&nbsp;using&nbsp;a
<br>different&nbsp;key&nbsp;in&nbsp;phase&nbsp;1&nbsp;and&nbsp;2&nbsp;(not&nbsp;really&nbsp;a&nbsp;very&nbsp;likely&nbsp;case,&nbsp;but
<br>anyway,&nbsp;it&nbsp;is&nbsp;good&nbsp;to&nbsp;validate&nbsp;certificates&nbsp;both&nbsp;in&nbsp;phase&nbsp;1&nbsp;and&nbsp;2).
<br>
<br>--&nbsp;
<br>Jouni&nbsp;Malinen&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;PGP&nbsp;id&nbsp;EFC895FA
<br>_______________________________________________
<br>HostAP&nbsp;mailing&nbsp;list
<br>HostAP@lists.shmoo.com
<br>http://lists.shmoo.com/mailman/listinfo/hostap
<br><p>&nbsp;</p><p>&nbsp;</p><!--SP:pankaj.razdan-->&nbsp;
<p><font color="blue"><i>SOC Software&nbsp;
</i></font></p>
<p><FONT face="??" color="blue"><SPAN 
style="FONT-SIZE: 10pt"><i>Wireless Solution Lab. </i></SPAN></FONT></p>
<P style="line-height:1; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial; font-family:???,arial;"><FONT face="??" color="blue"><SPAN 
style="FONT-SIZE: 10pt"><i>Institute of Central R&amp;D</i></SPAN></FONT><FONT face="??" color=#161685><SPAN 
style="FONT-SIZE: 10pt"><i> </i></SPAN></FONT></P><p><img src="file:///C|/Documents%20and%20Settings/Administrator/Desktop/samg.GIF" align="bottom" width="156" height="56" border="0" alt="samg.GIF"> 
</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="blue">&nbsp;&nbsp;&nbsp;&nbsp;Electro-Mechanics</font></p><!--pankaj.razdan:EP--><p>&nbsp;</p><p>&nbsp;</p></BODY></HTML>