From: Jouni Malinen
Date: Thu, 20 Nov 2008 10:49:34 +0000 (+0200)
Subject: Changed PEAPv0 cryptobinding to be disabled by default
X-Git-Tag: hostap_0_6_6~22
X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=c31a11c962388d5e07780c16a0725447e8bad0cd;p=mech_eap.git

Changed PEAPv0 cryptobinding to be disabled by default

There are some interoperability issues with Windows Server 2008 NPS, so better disable cryptobinding use by default for now.
---
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index bd526ff..f6126bb 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -353,8 +353,8 @@ struct eap_peer_config {
  *
  * crypto_binding option can be used to control PEAPv0 cryptobinding
  * behavior:
- * 0 = do not use cryptobinding
- * 1 = use cryptobinding if server supports it (default)
+ * 0 = do not use cryptobinding (default)
+ * 1 = use cryptobinding if server supports it
  * 2 = require cryptobinding
  */
  char *phase1;
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 3af888c..a350448 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -140,7 +140,7 @@ static void * eap_peap_init(struct eap_sm *sm)
  data->peap_version = EAP_PEAP_VERSION;
  data->force_peap_version = -1;
  data->peap_outer_success = 2;
- data->crypto_binding = OPTIONAL_BINDING;
+ data->crypto_binding = NO_BINDING;
  if (config && config->phase1 && eap_peap_parse_phase1(data, config->phase1) < 0) {
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 44dc3a1..dd4f579 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
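Review bot: The new default `data->crypto_binding = NO_BINDING;` in eap_peap_init() (src/eap_peer/eap_peap.c) has no comment recording that it is an interoperability workaround with a security cost. With cryptobinding off, the peer no longer verifies that the inner authentication is bound to the TLS tunnel it ran in, so every profile that relied on the old default loses that man-in-the-middle check without any configuration change. I would add a comment above the assignment such as `/* Off by default only for Windows Server 2008 NPS interop; inner auth is then not bound to the tunnel. Set crypto_binding=1 or 2 in phase1 where the server supports it. */` and put the same recommendation next to the option list in eap_config.h and wpa_supplicant.conf. The default is presumably still overridden by eap_peap_parse_phase1() when phase1 sets crypto_binding, but that function is not visible here, and eap_peap_init() itself starts and ends outside the hunk.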
@@ -394,8 +394,8 @@ fast_reauth=1
 # protected result indication.
 # 'crypto_binding' option can be used to control PEAPv0 cryptobinding
 # behavior:
-# * 0 = do not use cryptobinding
-# * 1 = use cryptobinding if server supports it (default)
+# * 0 = do not use cryptobinding (default)
+# * 1 = use cryptobinding if server supports it
 # * 2 = require cryptobinding
 # phase2: Phase2 (inner authentication with TLS tunnel) parameters
 # (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or