projects / libeap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bd1d13c)
Changed PEAPv0 cryptobinding to be disabled by default
authorJouni Malinen <jouni.malinen@atheros.com>
Thu, 20 Nov 2008 10:49:34 +0000 (12:49 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 20 Nov 2008 10:49:34 +0000 (12:49 +0200)
There are some interoperability issues with Windows Server 2008 NPS, so
better disable cryptobinding use by default for now.

src/eap_peer/eap_config.h patch | blob | history
src/eap_peer/eap_peap.c patch | blob | history
wpa_supplicant/wpa_supplicant.conf patch | blob | history

diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index bd526ff..f6126bb 100644 (file)
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -353,8 +353,8 @@ struct eap_peer_config {
         *
         * crypto_binding option can be used to control PEAPv0 cryptobinding
         * behavior:
-        * 0 = do not use cryptobinding
-        * 1 = use cryptobinding if server supports it (default)
+        * 0 = do not use cryptobinding (default)
+        * 1 = use cryptobinding if server supports it
         * 2 = require cryptobinding
         */
        char *phase1;
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 3af888c..a350448 100644 (file)
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -140,7 +140,7 @@ static void * eap_peap_init(struct eap_sm *sm)
        data->peap_version = EAP_PEAP_VERSION;
        data->force_peap_version = -1;
        data->peap_outer_success = 2;
-       data->crypto_binding = OPTIONAL_BINDING;
+       data->crypto_binding = NO_BINDING;
 
        if (config && config->phase1 &&
            eap_peap_parse_phase1(data, config->phase1) < 0) {
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 44dc3a1..dd4f579 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -394,8 +394,8 @@ fast_reauth=1
 #      protected result indication.
 #      'crypto_binding' option can be used to control PEAPv0 cryptobinding
 #      behavior:
-#       * 0 = do not use cryptobinding
-#       * 1 = use cryptobinding if server supports it (default)
+#       * 0 = do not use cryptobinding (default)
+#       * 1 = use cryptobinding if server supports it
 #       * 2 = require cryptobinding
 # phase2: Phase2 (inner authentication with TLS tunnel) parameters
 #      (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
EAP library