EAP-TLS: Setting phase1 config

Post by hmojito » Fri Feb 04, 2022 8:06 am

Hi,
I'm trying to connect an ESP32 to a WPA2 EAP-TLS network. I use the wifi_enterprise example from ESP-IDF (V5.0).
The chip connects well to FreeRADIUS, with just a warning during the handshake about the TLS fragment size:

But with a Windows RADIUS server it seems that unfragmented TLS packets need to include the total length in the packet; otherwise the server interprets this packet as a rejection from the peer.
I have found that there is a config in eap_peer_config.phase1 to add the packet length even if the packet is not fragmented (include_tls_length=1) (in components/wpa_supplicant/src/eap_peer/eap_tls_common.c:213).

Code:

	if (config->phase1 &&
	    os_strstr(config->phase1, "include_tls_length=1")) {
		wpa_printf(MSG_INFO, "TLS: Include TLS Message Length in "
			   "unfragmented packets");
		data->include_tls_length = 1;
	}

I can't find a way to access this parameter through the esp_supplicant interfaces; the only choice I have is to modify the sources to force data->include_tls_length to 1... Is there a proper way to do this without modifying the sources?
Regards,
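
For readers following the thread, an added example (not part of the post and not ESP-IDF or wpa_supplicant code): it lays out an unfragmented EAP-TLS response as defined in RFC 5216, with and without the L flag and its 4-byte TLS Message Length field, and parses the field back the way a receiving server would. The function names and the sample TLS bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define EAP_TYPE_TLS   13
#define EAP_TLS_FLAG_L 0x80 /* Flags bit: TLS Message Length field present */

/* Build one unfragmented EAP-TLS Response; returns its length, 0 on error. */
size_t eap_tls_build(uint8_t *out, size_t cap, uint8_t id, const uint8_t *tls,
                     size_t tls_len, int include_tls_length)
{
    size_t hdr = include_tls_length ? 10 : 6; /* 4 extra bytes when L is set */
    size_t total = hdr + tls_len;
    if (total > cap || total > 0xffff)
        return 0;
    out[0] = 2; out[1] = id;        /* Code: Response, then Identifier */
    out[2] = (uint8_t)(total >> 8); /* EAP Length, big-endian */
    out[3] = (uint8_t)total;
    out[4] = EAP_TYPE_TLS;
    out[5] = include_tls_length ? EAP_TLS_FLAG_L : 0;
    for (int i = 0; include_tls_length && i < 4; i++) /* TLS Message Length */
        out[6 + i] = (uint8_t)(tls_len >> (24 - 8 * i));
    memcpy(out + hdr, tls, tls_len);
    return total;
}

/* Returns 1 and sets *msg_len if L is present, 0 if absent, -1 if malformed. */
int eap_tls_msg_len(const uint8_t *pkt, size_t len, uint32_t *msg_len)
{
    if (len < 6 || pkt[4] != EAP_TYPE_TLS ||
        (((size_t)pkt[2] << 8) | pkt[3]) != len)
        return -1;
    if (!(pkt[5] & EAP_TLS_FLAG_L))
        return 0;
    if (len < 10)
        return -1;
    *msg_len = ((uint32_t)pkt[6] << 24) | ((uint32_t)pkt[7] << 16) |
               ((uint32_t)pkt[8] << 8) | pkt[9];
    return 1;
}
int main(void)
{
    const uint8_t tls[] = { 0x16, 0x03, 0x03, 0x00, 0x01, 0x00 }; /* constructed */
    uint8_t pkt[64];
    for (int on = 0; on <= 1; on++) {
        size_t len = eap_tls_build(pkt, sizeof(pkt), 1, tls, sizeof(tls), on);
        printf("include_tls_length=%d: %zu bytes, flags=0x%02x\n", on, len, pkt[5]);
    }
    return 0;
}
```

Comparing the two layouts against a packet capture of the failing handshake shows whether the peer is sending the Flags byte with L cleared on unfragmented messages.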
