Release 1.1.1 TODO
Alan DeKok
aland at ox.org
Sun Feb 12 06:45:48 CET 2006
Jouni Malinen <jkmaline at cc.hut.fi> wrote:
> The last time I looked at this compatibility layer, I did not find
> suitable functionality for implementing EAP methods due to the
> requirement of doing I/O with own routines (instead of using TCP
> sockets).
Yuck.
> If someone is planning on converting FreeRADIUS to use GnuTLS, it might
> be worthwhile to take a look at the TLS wrapper I designed for
> wpa_supplicant (EAP peer) and hostapd (EAP server). It includes
> implementation for both OpenSSL and GnuTLS, i.e., there is a build time
> option to select which one to use and core code does not need any
> changes regardless of which TLS library is used. I would assume that
> similar design would work fine with FreeRADIUS, too, or at least
> tls_gnutls.c wrapper implementation can provide some examples on how
> EAP-TLS/PEAP/TTLS can be implemented with GnuTLS.
Yeah. I've taken a look at eapol_test. It's *exactly* what we need
to do automated regression tests for FreeRADIUS. It's also neat,
clear, and well designed.
Do you think it would be a good idea to develop a client & server
EAP library? I know FreeRADIUS has bits & pieces that have been
severely hacked over time. FreeRADIUS also needs an EAP client
program that does more than radeapclient, and eapol_test doesn't send
RADIUS attributes.
I had patches sitting somewhere for eapol_test that would link to
the FreeRADIUS libs & load the dictionaries. Would you be interested
in those patches?
Alan DeKok.