}
for (m = methods; m; m = m->next) {
+ //do not propose insecure unencapsulated MSCHAPv2 as Phase 1 Method
+ if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_MSCHAPV2)
+ continue;
+
+ //do not propose EAP_TYPE_TLS if no client cert/key are configured
+ if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_TLS) {
+ struct eap_peer_config *config = eap_get_config(sm);
+ if (config == NULL || config->private_key == 0 || config->client_cert == 0)
+ continue;
+ }
+
if (type == EAP_TYPE_EXPANDED) {
wpabuf_put_u8(resp, EAP_TYPE_EXPANDED);
wpabuf_put_be24(resp, m->vendor);
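Review bot: In the added EAP-TLS check, `eap_get_config(sm)` is called on every pass through the loop although its result does not depend on `m`, and the two fields are compared with `0` where they look like pointers. Fetching the config once before the `for` and writing `if (config == NULL || config->private_key == NULL || config->client_cert == NULL) continue;` would read more clearly. The condition treats a missing `client_cert` as "no TLS credentials"; if this tree accepts any credential form that leaves that field empty, EAP-TLS would silently drop out of the NAK, which is worth confirming against the config parser (not visible here). The MSCHAPv2 comment could also say why the method is skipped: outside a tunnel the challenge/response exchange is exposed to anyone observing the link. The loop body continues outside the hunk.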
eap_mschapv2_init(struct eap_sm *sm)
{
struct eap_mschapv2_data *data;
+
+ //Do not init insecure unencapsulated MSCHAPv2 as Phase 1 method, only init if Phase 2
+ if(!sm->init_phase2)
+ return NULL;
+
data = (struct eap_mschapv2_data *)os_zalloc(sizeof(*data));
if (data == NULL)
return NULL;
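Review bot: The new early `return NULL` when `sm->init_phase2` is unset is indistinguishable from the allocation failure a few lines below, so a profile that still lists MSCHAPv2 as an outer method will fail with no hint that policy rejected it. A log line before the return, e.g. `wpa_printf(MSG_INFO, "EAP-MSCHAPV2: refusing to run outside a tunnel (Phase 1)");` (assuming the usual logging helper is available in this file), would make the rejection visible in logs. The guard also relies on every tunnelling method setting `sm->init_phase2` before it initialises its inner method, which cannot be checked from this hunk. The function body continues outside the hunk.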
end = buf + len;
for (i = 0; i < name->num_attr; i++) {
- //ret = os_snprintf(pos, end - pos, "%s=%s, ",
- ret = sprintf(pos, "%s=%s, ",
+ ret = os_snprintf(pos, end - pos, "%s=%s, ",
x509_name_attr_str(name->attr[i].type),
name->attr[i].value);
if (ret < 0 || ret >= end - pos)
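Review bot: Nothing at the restored `os_snprintf(pos, end - pos, ...)` call records why the bound matters, and the removed lines show the bounded call had earlier been commented out in favour of `sprintf`. A short comment above it, such as `/* name fields are taken from a parsed certificate (confirm); keep every write bounded by end - pos */`, would make a repeat less likely; the same applies to the `/emailAddress=%s` call in the following hunk. What the caller sees after truncation depends on the code at the `done:` label, which is outside both hunks, so it is worth checking that the buffer is explicitly terminated there.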
}
if (name->email) {
- //ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
- ret = sprintf(pos, "/emailAddress=%s",
+ ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
name->email);
if (ret < 0 || ret >= end - pos)
goto done;