tests: EAP-TEAP with client certificate in Phase 1
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
cd99a8c432
commit
948bd894f7
2 changed files with 28 additions and 0 deletions
|
@ -83,6 +83,8 @@ radius_accept_attr=27:d:3
|
||||||
|
|
||||||
"phase1-user" MSCHAPV2,MD5,GTC "password"
|
"phase1-user" MSCHAPV2,MD5,GTC "password"
|
||||||
|
|
||||||
|
"/C=FI/O=w1.fi/CN=Test User" TLS [2]
|
||||||
|
|
||||||
"020000000000" MACACL "020000000000"
|
"020000000000" MACACL "020000000000"
|
||||||
|
|
||||||
"020000000100" MACACL "020000000100"
|
"020000000100" MACACL "020000000100"
|
||||||
|
|
|
@ -574,3 +574,29 @@ def test_eap_teap_eap_vendor(dev, apdev):
|
||||||
anonymous_identity="TEAP",
|
anonymous_identity="TEAP",
|
||||||
ca_cert="auth_serv/ca.pem", phase2="auth=VENDOR-TEST",
|
ca_cert="auth_serv/ca.pem", phase2="auth=VENDOR-TEST",
|
||||||
pac_file="blob://teap_pac")
|
pac_file="blob://teap_pac")
|
||||||
|
|
||||||
|
def test_eap_teap_client_cert(dev, apdev):
|
||||||
|
"""EAP-TEAP with client certificate in Phase 1"""
|
||||||
|
check_eap_capa(dev[0], "TEAP")
|
||||||
|
params = int_teap_server_params(eap_teap_auth="2")
|
||||||
|
hapd = hostapd.add_ap(apdev[0], params)
|
||||||
|
|
||||||
|
# verify server accept a client with certificate, but no Phase 2
|
||||||
|
# configuration
|
||||||
|
eap_connect(dev[0], hapd, "TEAP", "user",
|
||||||
|
anonymous_identity="TEAP",
|
||||||
|
phase1="teap_provisioning=2",
|
||||||
|
client_cert="auth_serv/user.pem",
|
||||||
|
private_key="auth_serv/user.key",
|
||||||
|
ca_cert="auth_serv/ca.pem",
|
||||||
|
pac_file="blob://teap_pac")
|
||||||
|
dev[0].dump_monitor()
|
||||||
|
res = eap_reauth(dev[0], "TEAP")
|
||||||
|
if res['tls_session_reused'] != '1':
|
||||||
|
raise Exception("EAP-TEAP could not use PAC session ticket")
|
||||||
|
|
||||||
|
# verify server accepts a client without certificate
|
||||||
|
eap_connect(dev[1], hapd, "TEAP", "user",
|
||||||
|
anonymous_identity="TEAP", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
|
||||||
|
pac_file="blob://teap_pac")
|
||||||
|
|
Loading…
Reference in a new issue