GnuTLS and FreeRADIUS

Jouni Malinen j at w1.fi
Tue Mar 24 20:28:23 CET 2009


On Tue, Mar 24, 2009 at 10:40:47AM -0700, Alan DeKok wrote:

>   It's hard.  The GNUTLS stuff contains wrappers for OpenSSL.  However,
> they also got a number of things in their API wrong. (From what I recall
> about the last time I checked).  This made using GnuTLS difficult.

If I remember correctly, the OpenSSL wrapper in GnuTLS is not of much
help if you want to use TLS for something other than a TCP socket, so it
is unlikely to help with FreeRADIUS.

>   Hostap has wrapper functions around OpenSSL, GnuTLS, and their own
> implementation of SSL.  It may be worth investigating that API, too.

If nothing else, that wrapper shows how GnuTLS can be used with EAP.
Anyway, I'm planning on cleaning up the TLS library API in
hostapd/wpa_supplicant a bit, so if there is something that would help
with FreeRADIUS, that could be considered at the same time. The TLS
wrapper code should already have quite limited dependencies on other
code from hostapd/wpa_supplicant, so from that viewpoint, I would also
expect it to work more or less as-is with FreeRADIUS as long as you are
fine with selecting the TLS library at build time.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Freeradius-Devel mailing list