Changed PEAPv0 cryptobinding to be disabled by default
There are some interoperability issues with Windows Server 2008 NPS, so better disable cryptobinding use by default for now.
This commit is contained in:
parent
bd1d13c199
commit
c31a11c962
3 changed files with 5 additions and 5 deletions
|
@ -353,8 +353,8 @@ struct eap_peer_config {
|
||||||
*
|
*
|
||||||
* crypto_binding option can be used to control PEAPv0 cryptobinding
|
* crypto_binding option can be used to control PEAPv0 cryptobinding
|
||||||
* behavior:
|
* behavior:
|
||||||
* 0 = do not use cryptobinding
|
* 0 = do not use cryptobinding (default)
|
||||||
* 1 = use cryptobinding if server supports it (default)
|
* 1 = use cryptobinding if server supports it
|
||||||
* 2 = require cryptobinding
|
* 2 = require cryptobinding
|
||||||
*/
|
*/
|
||||||
char *phase1;
|
char *phase1;
|
||||||
|
|
|
@ -140,7 +140,7 @@ static void * eap_peap_init(struct eap_sm *sm)
|
||||||
data->peap_version = EAP_PEAP_VERSION;
|
data->peap_version = EAP_PEAP_VERSION;
|
||||||
data->force_peap_version = -1;
|
data->force_peap_version = -1;
|
||||||
data->peap_outer_success = 2;
|
data->peap_outer_success = 2;
|
||||||
data->crypto_binding = OPTIONAL_BINDING;
|
data->crypto_binding = NO_BINDING;
|
||||||
|
|
||||||
if (config && config->phase1 &&
|
if (config && config->phase1 &&
|
||||||
eap_peap_parse_phase1(data, config->phase1) < 0) {
|
eap_peap_parse_phase1(data, config->phase1) < 0) {
|
||||||
|
|
|
@ -394,8 +394,8 @@ fast_reauth=1
|
||||||
# protected result indication.
|
# protected result indication.
|
||||||
# 'crypto_binding' option can be used to control PEAPv0 cryptobinding
|
# 'crypto_binding' option can be used to control PEAPv0 cryptobinding
|
||||||
# behavior:
|
# behavior:
|
||||||
# * 0 = do not use cryptobinding
|
# * 0 = do not use cryptobinding (default)
|
||||||
# * 1 = use cryptobinding if server supports it (default)
|
# * 1 = use cryptobinding if server supports it
|
||||||
# * 2 = require cryptobinding
|
# * 2 = require cryptobinding
|
||||||
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
|
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
|
||||||
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
|
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
|
||||||
|
|
Loading…
Reference in a new issue