7 May
2012
7 May
'12
12:34 p.m.
Jouni Malinen wrote:
It looks like the Message-Authenticator validation done by radclient for Disconnect-ACK/NAK and CoA-ACK/NAK messages does not match with the mechanism described in RFC 5176. Message-Authenticator is generated correctly for Disconnect-Request and CoA-Request, but I needed to modify rad_verify() to get this matching with the code I'm writing for hostapd.
It looks like a bug.
The following change was enough to make this interoperate with my hostapd implementation.
I've added the patch, thanks. Alan DeKok.