Date: Thu, 18 Jun 2009 10:36:04 -0700 From: Sam Leffler <sam@freebsd.org> To: Vladimir Terziev <vladimirt@partygaming.com> Cc: freebsd-net@freebsd.org, "Paul B. Mahol" <onemda@gmail.com> Subject: Re: hostapd with 802.1X EAP-TLS/TTLS support Message-ID: <4A3A7B04.2020906@freebsd.org> In-Reply-To: <1245323250.28444.48.camel@daemon2.partygaming.local> References: <3a142e750906180355lf9bb1a9vd7133e878e57eff@mail.gmail.com> <1245323250.28444.48.camel@daemon2.partygaming.local>
next in thread | previous in thread | raw e-mail | index | archive | help
EAP/TLS and TTLS should be configured by default in HEAD. Not sure what is done in RELENG_7. Regardless you can trivially rebuild hostapd w/ the functionality you want by definitions to your src.conf: HOSTAPD_CFLAGS HOSTAPD_DPADD HOSTAPD_LDADD (looks like you use WPA_SUPPLICANT_* knobs in RELENG_7, check usr.sbin/wpa/hostapd/Makefile). As to what should be enabled by default, I can only say that I tried to choose the most common setup as the default. Choosing this configuration also balances between bloat and inclusion of code that might not be as well audited and/or tested as other code. Hence the default setup used to be WPA-PSK only but has since grown to include various EAP flavors. My assumption was that anyone building a system using these tools would want to go through and choose what they wanted anyway so enabling everything was a bad idea. Sam Vladimir Terziev wrote: > Hi Paul, > > is there some special reason behind this? Why the server is made part of > the main distribution with stripped functionality ? > > Also, how can i enable it ? > > Thanks, > > Vladimir > > > On Thu, 2009-06-18 at 13:55 +0300, Paul B. Mahol wrote: > >> On 6/18/09, Vladimir Terziev <vladimirt@partygaming.com> wrote: >> >>> Hi, >>> >>> i try to setup wireless access point at home, based on FreeBSD >>> 7.2R-i386, ral(4) wireless card and hostpad(8). >>> >>> I want my wireless AP to support 802.1x EAP-TLS/TTLS authentication. >>> >> I >> >>> issued a custom SSL certificate for the hostapd(8) and put the >>> >> following >> >>> directives in hostapd.conf: >>> >>> eap_server=0 >>> ca_cert=/usr/local/etc/myCA.crt.pem >>> server_cert=/usr/local/etc/hostapd.server.crt.pem >>> private_key=/usr/local/etc/hostapd.server.key.pem >>> private_key_passwd=some_pass >>> >>> When i tried to start the hostapd(8) i got the following errors: >>> >>> Line 15: unknown configuration item 'eap_server' >>> Line 16: unknown configuration item 'ca_cert' >>> Line 17: unknown configuration item 'server_cert' >>> Line 18: unknown configuration item 'private_key' >>> Line 19: unknown configuration item 'private_key_passwd' >>> >>> Does the stock FreeBSD's hostapd(8) support 802.1X EAP-TLS/TTLS at >>> >> all >> >>> and if "not" why ? >>> >> 802.1X EAP-TLS/TTLS is not enabled by default on FreeBSD's hostapd(8). >> >> -- >> Paul >> >> >> > > This email and any attachments are confidential, and may be legally privileged and protected by copyright. If you are not the intended recipient dissemination or copying of this email is prohibited. If you have received this in error, please notify the sender by replying by email and then delete the email completely from your system. > > Any views or opinions are solely those of the sender. This communication is not intended to form a binding contract unless expressly indicated to the contrary and properly authorised. Any actions taken on the basis of this email are at the recipient's own risk. > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A3A7B04.2020906>