Release 1.1.1 TODO

Jouni Malinen jkmaline at cc.hut.fi
Sun Feb 12 06:09:01 CET 2006


On Fri, Feb 10, 2006 at 11:21:05AM +0100, Nicolas Baradakis wrote:

> In short, I much prefer a Debian patch for GnuTLS to a license
> modification. As GnuTLS has an OpenSSL compatibility layer, perhaps
> it's not hard to do.

The last time I looked at this compatibility layer, I did not find
suitable functionality for implementing EAP methods due to the
requirement of doing I/O with own routines (instead of using TCP
sockets).

If someone is planning on converting FreeRADIUS to use GnuTLS, it might
be worthwhile to take a look at the TLS wrapper I designed for
wpa_supplicant (EAP peer) and hostapd (EAP server). It includes
implementations for both OpenSSL and GnuTLS, i.e., there is a build-time
option to select which one to use, and the core code does not need any
changes regardless of which TLS library is used. I would assume that
a similar design would work fine with FreeRADIUS, too, or at least
the tls_gnutls.c wrapper implementation can provide some examples of how
EAP-TLS/PEAP/TTLS can be implemented with GnuTLS.
 
-- 
Jouni Malinen                                            PGP id EFC895FA
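
The I/O requirement mentioned in the message, shown as an added example that is not part of the original post and is not code from wpa_supplicant, hostapd or FreeRADIUS: the TLS library writes its handshake bytes into memory buffers, and the caller carries them inside EAP-TLS packets (RFC 5216 framing). The host name, fragment size and the per-fragment identifier increment are assumptions made for the illustration.

```python
import ssl
import struct

EAP_RESPONSE = 2
EAP_TYPE_TLS = 13                      # EAP-TLS method type (RFC 5216)
FLAG_LENGTH, FLAG_MORE = 0x80, 0x40    # L and M bits of the flags octet


def first_tls_flight(server_name="radius.example"):  # constructed host name
    """Start a TLS client handshake with no socket; return the ClientHello bytes."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the library is now waiting for the server's reply
    return outgoing.read()


def eap_tls_fragments(tls_data, identifier, max_fragment=100):
    """Carry TLS bytes in EAP-Response/EAP-TLS packets, fragmenting as needed."""
    chunks = [tls_data[i:i + max_fragment]
              for i in range(0, len(tls_data), max_fragment)]
    packets = []
    for n, chunk in enumerate(chunks):
        flags, body = 0, chunk
        if n == 0:                     # first fragment announces the total length
            flags |= FLAG_LENGTH
            body = struct.pack("!I", len(tls_data)) + chunk
        if n < len(chunks) - 1:        # more fragments follow
            flags |= FLAG_MORE
        length = 6 + len(body)         # code, id, length(2), type, flags + body
        # Assumption: each fragment answers a new request, so the id advances.
        packets.append(struct.pack("!BBHBB", EAP_RESPONSE, (identifier + n) & 0xFF,
                                   length, EAP_TYPE_TLS, flags) + body)
    return packets


def reassemble(packets):
    """Receiver side: strip the EAP-TLS framing and rebuild the TLS byte stream."""
    data, declared = b"", None
    for p in packets:
        _code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", p[:6])
        if eap_type != EAP_TYPE_TLS or length != len(p):
            raise ValueError("not a well-formed EAP-TLS packet")
        body = p[6:]
        if flags & FLAG_LENGTH:
            declared, body = struct.unpack("!I", body[:4])[0], body[4:]
        data += body
    if declared is not None and declared != len(data):
        raise ValueError("reassembled length does not match the L field")
    return data
```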


