What | Removed | Added |
---|---|---|
Flags | needinfo?(srinidhi.bs@microfocus.com) |
Pretty sure this is related to this commit: https://w1.fi/cgit/hostap/commit/?id=f24e48861d50b6b6fc5681f75d4aa75144862853

Basically mschapv2 was interpreted as mschap (v1) beforehand, which no longer works. We probably need to fix the templating in wicked, but it is actually not related to wpa_supplicant (I assume).

This is the relevant commit message:

>EAP-TTLS peer: Fix parsing auth= and autheap= phase2 params
>
>This patch fixes an issue with an invalid phase2 parameter value
>auth=MSCHAPv2 getting interpreted as auth=MSCHAP (v1) which could
>degrade security (though, only within a protected TLS tunnel). Now when
>invalid or unsupported auth= phase2 parameter combinations are
>specified, EAP-TTLS initialization throws an error instead of silently
>doing something.
>
>More than one auth= phase2 type cannot be specified and also both auth= and
>autheap= options cannot be specified.
>
>Parsing phase2 type is case sensitive (as in other EAP parts), so phase2
>parameter auth=MSCHAPv2 is invalid. Only auth=MSCHAPV2 is correct.
>
>Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
>[Use cstr_token() to get rid of unnecessary allocation; cleanup]
>Signed-off-by: Jouni Malinen <j@w1.fi>
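Added example, not part of the comment above and not code from hostap or wicked: a small checker that applies the three rules stated in the quoted commit message to the `phase2` strings of `eap=TTLS` network blocks. It assumes a wpa_supplicant.conf-style text with space-separated `phase2` fields and the four non-EAP inner methods wpa_supplicant documents for TTLS; the function names and the sample configuration are constructed for illustration.

```python
import re

# Non-EAP inner methods accepted in auth= for EAP-TTLS, in their exact spelling.
TTLS_AUTH_TYPES = {"PAP", "CHAP", "MSCHAP", "MSCHAPV2"}

def check_phase2(phase2):
    """Return the problems in one EAP-TTLS phase2 string (empty list means OK)."""
    tokens = phase2.split()
    auth = [t[len("auth="):] for t in tokens if t.startswith("auth=")]
    autheap = [t for t in tokens if t.startswith("autheap=")]
    problems = []
    if len(auth) > 1:
        problems.append("more than one auth= type")
    if auth and autheap:
        problems.append("auth= and autheap= both specified")
    for value in auth:
        if value in TTLS_AUTH_TYPES:
            continue
        fix = value.upper()  # parsing is case sensitive, so suggest the exact spelling
        hint = f" (use auth={fix})" if fix in TTLS_AUTH_TYPES else ""
        problems.append(f"invalid auth={value}{hint}")
    return problems

def check_config(text):
    """Map ssid -> problems for every eap=TTLS network block that has any."""
    findings = {}
    for block in re.findall(r"network=\{(.*?)\}", text, re.S):
        fields = dict(re.findall(r"^\s*(\w+)=(.*?)\s*$", block, re.M))
        if "TTLS" not in fields.get("eap", "").split():
            continue
        problems = check_phase2(fields.get("phase2", "").strip('"'))
        if problems:
            findings[fields.get("ssid", "?").strip('"')] = problems
    return findings

# Constructed sample configuration (not taken from the bug report).
SAMPLE_CONF = """
network={
    ssid="corp-a"
    eap=TTLS
    phase2="auth=MSCHAPv2"
}
network={
    ssid="corp-b"
    eap=TTLS
    phase2="auth=MSCHAPV2"
}
"""
print(check_config(SAMPLE_CONF))
```

Running such a check over generated configurations before updating wpa_supplicant shows which networks would start failing EAP-TTLS initialization instead of silently using MSCHAP (v1).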