EAP-TLS: Setting phase1 config
Posted: Fri Feb 04, 2022 8:06 am
Hi,
I'm trying to connect an ESP32 to a WPA2 EAP-TLS network, using the wifi_enterprise example from ESP-IDF (V5.0).
The chip connects fine to FreeRADIUS, with just a warning during the handshake about the TLS fragment size:
But with a Windows RADIUS server it seems that unfragmented TLS packets need to include the total length in the packet, otherwise the server interprets the packet as a rejection from the peer.
I have found that there is a config option in eap_peer_config.phase1 to add the packet length even if the packet is not fragmented (include_tls_length=1) (in components/wpa_supplicant/src/eap_peer/eap_tls_common.c:213)
I can't find a way to access this parameter through the esp_supplicant interfaces; the only choice I have is to modify the sources to force data->include_tls_length to 1... Is there a proper way to do this without modifying the sources?
Code:
    if (config->phase1 &&
        os_strstr(config->phase1, "include_tls_length=1")) {
        wpa_printf(MSG_INFO, "TLS: Include TLS Message Length in "
                   "unfragmented packets");
        data->include_tls_length = 1;
    }
Regards,