hostapd with 802.1X EAP-TLS/TTLS support

Vladimir Terziev vladimirt at partygaming.com
Fri Jun 19 10:55:34 UTC 2009


Thanks Sam,

What should I put for HOSTAPD_CFLAGS, HOSTAPD_DPADD, HOSTAPD_LDADD or
WPA_SUPPLICANT_* (not sure which ones I should use) in order to get
hostapd rebuilt with the functionality I want?

Regards,

Vladimir


On Thu, 2009-06-18 at 20:36 +0300, Sam Leffler wrote:
> EAP/TLS and TTLS should be configured by default in HEAD.  Not sure what
> is done in RELENG_7.  Regardless you can trivially rebuild hostapd w/
> the functionality you want by definitions to your src.conf:
> 
> HOSTAPD_CFLAGS
> HOSTAPD_DPADD
> HOSTAPD_LDADD
> 
> (looks like you use WPA_SUPPLICANT_* knobs in RELENG_7, check
> usr.sbin/wpa/hostapd/Makefile).
> 
> As to what should be enabled by default, I can only say that I tried to
> choose the most common setup as the default.  Choosing this
> configuration also balances between bloat and inclusion of code that
> might not be as well audited and/or tested as other code.  Hence the
> default setup used to be WPA-PSK only but has since grown to include
> various EAP flavors.  My assumption was that anyone building a system
> using these tools would want to go through and choose what they wanted
> anyway so enabling everything was a bad idea.
> 
>     Sam
> 
> 
> Vladimir Terziev wrote:
> > Hi Paul,
> >
> > Is there some special reason behind this? Why is the server made part of
> > the main distribution with stripped functionality?
> >
> > Also, how can I enable it?
> >
> > Thanks,
> >
> > Vladimir
> >
> >
> > On Thu, 2009-06-18 at 13:55 +0300, Paul B. Mahol wrote:
> >> On 6/18/09, Vladimir Terziev <vladimirt at partygaming.com> wrote:
> >>> Hi,
> >>>
> >>> I try to set up a wireless access point at home, based on FreeBSD
> >>> 7.2R-i386, ral(4) wireless card and hostapd(8).
> >>>
> >>> I want my wireless AP to support 802.1x EAP-TLS/TTLS authentication. I
> >>> issued a custom SSL certificate for the hostapd(8) and put the following
> >>> directives in hostapd.conf:
> >>>
> >>> eap_server=0
> >>> ca_cert=/usr/local/etc/myCA.crt.pem
> >>> server_cert=/usr/local/etc/hostapd.server.crt.pem
> >>> private_key=/usr/local/etc/hostapd.server.key.pem
> >>> private_key_passwd=some_pass
> >>>
> >>> When I tried to start the hostapd(8) I got the following errors:
> >>>
> >>> Line 15: unknown configuration item 'eap_server'
> >>> Line 16: unknown configuration item 'ca_cert'
> >>> Line 17: unknown configuration item 'server_cert'
> >>> Line 18: unknown configuration item 'private_key'
> >>> Line 19: unknown configuration item 'private_key_passwd'
> >>>
> >>> Does the stock FreeBSD's hostapd(8) support 802.1X EAP-TLS/TTLS at all
> >>> and if "not" why?
> >>
> >> 802.1X EAP-TLS/TTLS is not enabled by default on FreeBSD's hostapd(8).
> >>
> >> --
> >> Paul


More information about the freebsd-net mailing list
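
A small triage helper for the startup errors quoted in the thread, added here as an example and not code from the posters or from hostapd: it pulls the rejected directives out of hostapd's output, checks them against the config file, and reports whether every rejected key is one of the five directives from the original post, which is the pattern of a binary built without EAP server support rather than a typo. The function names, verdict strings and sample data are constructed for this example.

```python
import re

# The five directives rejected in the original post. Using them as the
# "needs EAP server support" set is an assumption of this example.
EAP_KEYS = ["eap_server", "ca_cert", "server_cert", "private_key", "private_key_passwd"]

# Error format as it appears in the hostapd output quoted in the thread.
ERR_RE = re.compile(r"^Line (\d+): unknown configuration item '([^']+)'$")


def rejected_items(output):
    """Return (line_number, key) for each 'unknown configuration item' error."""
    matches = (ERR_RE.match(line.strip()) for line in output.splitlines())
    return [(int(m.group(1)), m.group(2)) for m in matches if m]


def diagnose(conf_text, output):
    """Cross-check rejected keys against the config and classify the failure.

    Only keys are recorded, never values, so private_key_passwd stays out
    of whatever report is built from the findings.
    """
    conf = conf_text.splitlines()
    findings = []
    for line_no, key in rejected_items(output):
        in_range = 0 < line_no <= len(conf)
        conf_key = conf[line_no - 1].split("=", 1)[0].strip() if in_range else None
        findings.append({
            "line": line_no,
            "key": key,
            "matches_conf": conf_key == key,
            "eap_related": key in EAP_KEYS,
        })
    if not findings:
        verdict = "no-rejected-items"
    elif all(f["eap_related"] for f in findings):
        verdict = "build-lacks-eap-server"
    else:
        verdict = "check-for-typos"
    return findings, verdict


# Constructed sample: 14 filler lines put the directives on lines 15-19.
SAMPLE_CONF = "# filler\n" * 14 + "".join(f"{k}=constructed\n" for k in EAP_KEYS)
SAMPLE_OUTPUT = "\n".join(
    f"Line {n}: unknown configuration item '{k}'" for n, k in enumerate(EAP_KEYS, 15)
)

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_OUTPUT)[1])
```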