+ //do not propose insecure unencapsulated MSCHAPv2 as Phase 1 Method
+ if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_MSCHAPV2)
+ continue;
+
+ //do not propose EAP_TYPE_TLS if no client cert/key are configured
+ if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_TLS) {
+ struct eap_peer_config *config = eap_get_config(sm);
+ if (config == NULL || config->private_key == 0 || config->client_cert == 0)
+ continue;
+ }
+