Alan DeKok wrote:
Nicolas Baradakis <nbk@sitadelle.com> wrote:
- pull eap fixes from CVS head to address Debian's issues. I found many changes not in branch 1.1 but I've no idea whether they are safe or not: - moved TLS code from rlm_eap_tls to libeap.
Yes.
- removed record_* functions from global visibility.
Not necessary.
- remove the EAP submodule locking.
Sure, but not necessary.
- change autoconf tests for OpenSSL. - put the eap sessions into a tree, so that looking them up is very fast, and no longer O(n) in the number of sessions.
Not really necessary, but sure. There should only be 10's of ongoing EAP sessions at a time, so it's not critical.
- if the callback fails, do eap_fail() to get an EAP-Failure message and return reject. - use new hex2bin function to be more forgiving for NT-Passwords - make "use_tunneled_reply" work properly for PEAP
Yes.
Ok, I made a sweep on all files under src/modules/rlm_eap and pulled the changes into branch 1.1. I can now build all the problematic modules rlm_eap_{peap,tls,ttls} on my Debian box, and the server successfully link them at startup. (this had never worked before with 1.1.0 on Debian) It'd be great if someone else could also run a few tests on the new code in CVS, just to be sure that nothing is broken. -- Nicolas Baradakis