Release 1.1.1 TODO
Jouni Malinen
jkmaline at cc.hut.fi
Sun Feb 12 06:09:01 CET 2006
On Fri, Feb 10, 2006 at 11:21:05AM +0100, Nicolas Baradakis wrote:
> In short, I prefer a lot a debian patch for gnuTLS than a license
> modification. As gnuTLS has an OpenSSL compatibility layer, perhaps
> it's not hard to do.
The last time I looked at this compatibility layer, I did not find
suitable functionality for implementing EAP methods due to the
requirement of doing I/O with own routines (instead of using TCP
sockets).
If someone is planning on converting FreeRADIUS to use GnuTLS, it might
be worthwhile to take a look at the TLS wrapper I designed for
wpa_supplicant (EAP peer) and hostapd (EAP server). It includes
implementation for both OpenSSL and GnuTLS, i.e., there is a build time
option to select which one to use and core code does not need any
changes regardless of which TLS library is used. I would assume that
similar design would work fine with FreeRADIUS, too, or at least
tls_gnutls.c wrapper implementation can provide some examples on how
EAP-TLS/PEAP/TTLS can be implemented with GnuTLS.
--
Jouni Malinen PGP id EFC895FA
More information about the Freeradius-Devel
mailing list