http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c3

Karol Babioch <kbabioch@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |needinfo?(srinidhi.bs@micro
                   |                            |focus.com)

--- Comment #3 from Karol Babioch <kbabioch@suse.com> ---
Pretty sure this is related to this commit:

https://w1.fi/cgit/hostap/commit/?id=f24e48861d50b6b6fc5681f75d4aa7514486285...

Basically mschapv2 was interpreted as mschap (v1) beforehand, which no longer works. We probably need to fix the templating in wicked, but it is actually not related to wpa_supplicant (I assume).

This is the relevant commit message:
EAP-TTLS peer: Fix parsing auth= and autheap= phase2 params
This patch fixes an issue with an invalid phase2 parameter value auth=MSCHAPv2 getting interpreted as auth=MSCHAP (v1) which could degrade security (though, only within a protected TLS tunnel). Now when invalid or unsupported auth= phase2 parameter combinations are specified, EAP-TTLS initialization throws an error instead of silently doing something.
More than one auth= phase2 type cannot be specified and also both auth= and autheap= options cannot be specified.
Parsing phase2 type is case sensitive (as in other EAP parts), so phase2 parameter auth=MSCHAPv2 is invalid. Only auth=MSCHAPV2 is correct.
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
[Use cstr_token() to get rid of unnecessary allocation; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
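
Added example, not part of the bug comment and not hostap code: a C sketch of the parsing rules the commit message describes. lenient_phase2() is an assumed illustration of how ordered substring matching can read auth=MSCHAPv2 as MSCHAP (v1); strict_phase2() and every identifier here are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum p2 { P2_ERROR = -1, P2_DEFAULT, P2_EAP, P2_MSCHAPV2, P2_MSCHAP, P2_PAP, P2_CHAP };

/* Assumed failure mode: ordered substring tests, so "auth=MSCHAPv2" misses
 * the V2 test and falls through to the shorter "auth=MSCHAP" match. */
enum p2 lenient_phase2(const char *s) {
    if (strstr(s, "autheap=")) return P2_EAP;
    if (strstr(s, "auth=MSCHAPV2")) return P2_MSCHAPV2;
    if (strstr(s, "auth=MSCHAP")) return P2_MSCHAP;
    if (strstr(s, "auth=PAP")) return P2_PAP;
    if (strstr(s, "auth=CHAP")) return P2_CHAP;
    return P2_DEFAULT;
}

/* Exact, case-sensitive match of one auth= value of length n. */
static enum p2 auth_value(const char *v, size_t n) {
    static const struct { const char *name; enum p2 type; } tbl[] = {
        {"MSCHAPV2", P2_MSCHAPV2}, {"MSCHAP", P2_MSCHAP}, {"PAP", P2_PAP}, {"CHAP", P2_CHAP} };
    for (size_t i = 0; i < sizeof(tbl) / sizeof(tbl[0]); i++)
        if (strlen(tbl[i].name) == n && memcmp(tbl[i].name, v, n) == 0)
            return tbl[i].type;
    return P2_ERROR;
}

/* Strict parse per the commit message: space-separated tokens, one auth= at
 * most, never auth= together with autheap=. Other tokens are skipped and EAP
 * method names are not checked (simplifications of this sketch). */
enum p2 strict_phase2(const char *s) {
    enum p2 sel = P2_DEFAULT;
    while (*s) {
        size_t n = strcspn(s, " ");
        if (n > 8 && strncmp(s, "autheap=", 8) == 0) {
            if (sel != P2_DEFAULT && sel != P2_EAP) return P2_ERROR;
            sel = P2_EAP;
        } else if (n >= 5 && strncmp(s, "auth=", 5) == 0) {
            if (sel != P2_DEFAULT) return P2_ERROR;
            if ((sel = auth_value(s + 5, n - 5)) == P2_ERROR) return P2_ERROR;
        }
        s += n + strspn(s + n, " ");
    }
    return sel;
}

int main(void) {
    printf("%d %d\n", lenient_phase2("auth=MSCHAPv2"), strict_phase2("auth=MSCHAPv2"));
    return 0;
}
```

Templates that emit phase2 strings (such as the wicked templating mentioned in the comment) can be checked against the strict form before deployment, since a value the strict parser rejects now fails EAP-TTLS initialization.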