Karol Babioch changed bug 1026807
What Removed Added
Flags   needinfo?(srinidhi.bs@microfocus.com)

Comment # 3 on bug 1026807 from
Pretty sure this is related to this commit:
https://w1.fi/cgit/hostap/commit/?id=f24e48861d50b6b6fc5681f75d4aa75144862853

Basically mschapv2 was interpreted as mschap (v1) beforehand, which no longer
works. We probably need to fix the templating in wicked, but it is actually not
related to wpa_supplicant (I assume).

This is the relevant commit message:

>EAP-TTLS peer: Fix parsing auth= and autheap= phase2 params
>
>This patch fixes an issue with an invalid phase2 parameter value
>auth=MSCHAPv2 getting interpreted as auth=MSCHAP (v1) which could
>degrade security (though, only within a protected TLS tunnel). Now when
>invalid or unsupported auth= phase2 parameter combinations are
>specified, EAP-TTLS initialization throws an error instead of silently
>doing something.
>
>More than one auth= phase2 type cannot be specified and also both auth= and
>autheap= options cannot be specified.
>
>Parsing phase2 type is case sensitive (as in other EAP parts), so phase2
>parameter auth=MSCHAPv2 is invalid. Only auth=MSCHAPV2 is correct.
>
>Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
>[Use cstr_token() to get rid of unnecessary allocation; cleanup]
>Signed-off-by: Jouni Malinen <j@w1.fi>
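
The rules in the commit message above can be checked before a generated configuration reaches wpa_supplicant. The following is an added example, not code from wpa_supplicant, wicked or this bug report; the function names are hypothetical, it assumes every `phase2=` line belongs to an EAP-TTLS network block, and the PAP and CHAP entries come from wpa_supplicant's documented options rather than from this page.

```python
import re

# auth= types for EAP-TTLS; MSCHAP and MSCHAPV2 are named in the commit message.
TTLS_AUTH = {"PAP", "CHAP", "MSCHAP", "MSCHAPV2"}
PHASE2_RE = re.compile(r'^\s*phase2="([^"]*)"')

def check_phase2(value):
    """Return the problems found in one EAP-TTLS phase2 string."""
    auth, autheap, problems = [], [], []
    for token in value.split():
        key, _, val = token.partition("=")
        if key == "auth":
            auth.append(val)
        elif key == "autheap":
            autheap.append(val)
    if len(auth) > 1:
        problems.append("more than one auth= type")
    if auth and autheap:
        problems.append("both auth= and autheap= specified")
    for val in auth:
        if val not in TTLS_AUTH and val.upper() in TTLS_AUTH:
            problems.append(f"auth={val} has wrong case, use auth={val.upper()}")
        elif val not in TTLS_AUTH:
            problems.append(f"auth={val} is not a known type")
    return problems

def lint_config(text):
    """Return (line_number, problem) pairs for every phase2= line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = PHASE2_RE.match(line)
        if m:
            findings.extend((n, p) for p in check_phase2(m.group(1)))
    return findings

# Constructed sample configuration, not taken from the bug report.
SAMPLE = '''\
network={
    eap=TTLS
    phase2="auth=MSCHAPv2"
}
network={
    eap=TTLS
    phase2="auth=PAP autheap=MD5"
}
'''

if __name__ == "__main__":
    print(*lint_config(SAMPLE), sep="\n")
```
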

