* fast_pac_format=binary option can be used to select binary format
* for storing PAC entires in order to save some space (the default
* text format uses about 2.5 times the size of minimal binary format).
+ *
+ * crypto_binding option can be used to control PEAPv0 cryptobinding
+ * behavior:
+ * 0 = do not use cryptobinding
+ * 1 = use cryptobinding if server supports it (default)
+ * 2 = require cryptobinding
*/
char *phase1;
"receiving tunneled EAP-Success");
}
+ if (os_strstr(phase1, "crypto_binding=0")) {
+ data->crypto_binding = NO_BINDING;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Do not use cryptobinding");
+ } else if (os_strstr(phase1, "crypto_binding=1")) {
+ data->crypto_binding = OPTIONAL_BINDING;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Optional cryptobinding");
+ } else if (os_strstr(phase1, "crypto_binding=2")) {
+ data->crypto_binding = REQUIRE_BINDING;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
+ }
+
return 0;
}
# challenges (by default, it accepts 2 or 3)
# result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
# protected result indication.
+# 'crypto_binding' option can be used to control PEAPv0 cryptobinding
+# behavior:
+# * 0 = do not use cryptobinding
+# * 1 = use cryptobinding if server supports it (default)
+# * 2 = require cryptobinding
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)