hi, Dan

Could you help explain how NetworkManager knows which phase2 method is used?

Thanks
Janboe Ye

Dan Williams wrote:
> On Fri, 2012-01-06 at 10:39 +0800, Gary Ching-Pang Lin wrote:
>> 2012/1/6 Dan Williams <d...@redhat.com>:
>> > On Thu, 2011-12-29 at 11:27 +0800, Gary Ching-Pang Lin wrote:
>> >> Hi all,
>> >>
>> >> I read the source code of network-manager-applet recently and
>> >> have some questions about eap-method-tls.c.
>> >>
>> >> In eap-method-tls.c, there are several checks for the variable
>> >> "phase2" which isn't used in ttls or peap, and the variable is
>> >> initialized in eap_method_tls_new() and is never changed afterward.
>> >> However, I found that eap_method_tls_new() is called only in
>> >> wireless-security.c, and "phase2" is set to FALSE explicitly.
>> >> In other words, the phase2 functions in eap-method-tls.c were
>> >> never used.
>> >>
>> >> Here are my questions.
>> >> 1) Why is "phase2" declared but never used? For some further plan,
>> >> or just a legacy of some old code?
>> >
>> > It's actually used. The EAPMethod things are lightweight objects but
>> > don't use GObject, just plain C structures. So what's going on there
>> > is that phase2 gets passed into eap_method_tls_new() and then that is
>> > passed to the call to eap_method_init(). The object returned from that
>> > call is actually the EAPMethodTLS, or "self". Anywhere in that file
>> > you see EAPMethod/parent that means the EAPMethodTLS->parent, so the
>> > phase2 passed in here actually shows up as parent->phase2 throughout
>> > the file.
>> >
>> Thanks for the explanation. What's confusing me is that
>> eap_method_tls_new() only appears in wireless-security.c besides
>> eap-method-tls.*:
>>
>> em_tls = eap_method_tls_new (sec, connection, FALSE, secrets_only);
>>
>> The statement assigns FALSE to phase2 explicitly. So even though there are
>> checks for phase2 in eap-method-tls.c, the variable is always FALSE, and
>> the phase2 checks become kind of meaningless.
>
> It looks like TLS phase2 was coded for but never actually
> enabled/finished because at the time I think there may have been
> questions about whether it was really a valid configuration. But I
> think the phase2 support will never get called, as you suggest. We
> could enable it though, I'd be happy to take patches to do so since I've
> had a few questions about it.
>
> Dan
>
>> > It could be clearer if these were actually GObjects I suppose, since
>> > that's a standard understandable mechanism, instead of the
>> > pseudo-object stuff that I wrote here long ago.
>> >
>> >> 2) In what condition will EAP-TLS be used as "Phase 2"?
>> >> I googled related documents but only found the Phase 2 auth
>> >> methods for PEAP and TTLS.
>> >
>> > TTLS-TLS is a valid method: TTLS for the outer tunnel, and TLS for the
>> > inner tunnel. I've also heard that PEAP-TLS is used though that's a
>> > pretty pointless setup. Basically, TLS is a valid inner tunnel (ie,
>> > "phase2" method).
>> >
>> Ah, then that makes sense, though TTLS-TLS/PEAP-TLS seems too
>> complicated for a normal user :-p
>>
>> Gary Lin

_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
http://mail.gnome.org/mailman/listinfo/networkmanager-list
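To make the pseudo-object pattern Dan describes concrete (phase2 handed to eap_method_tls_new(), stored by eap_method_init() in the embedded EAPMethod, and read back as parent->phase2), here is an added, self-contained C model. It is not network-manager-applet code: the struct contents, the eap_method_init() and eap_method_tls_new() signatures and the cert_path field are assumptions chosen only to show the mechanism.

```c
#include <stdio.h>
#include <stdlib.h>

typedef int gboolean;
#define FALSE 0

/* Assumed "parent" object: a plain C struct, not a GObject. */
typedef struct {
    gboolean phase2;  /* TRUE when used as the inner (phase2) method */
} EAPMethod;

/* Assumed "subclass": parent is the FIRST member, so EAPMethodTLS * and
 * EAPMethod * share one address and can be cast either way. */
typedef struct {
    EAPMethod parent;
    const char *cert_path;  /* assumed field, stands for the TLS-specific state */
} EAPMethodTLS;

/* Assumed eap_method_init(): allocates the whole subclass and sets parent->phase2. */
static EAPMethod *
eap_method_init (size_t size, gboolean phase2)
{
    EAPMethod *method = calloc (1, size);
    if (method)
        method->phase2 = phase2;
    return method;
}

/* Assumed eap_method_tls_new(): the EAPMethod * from eap_method_init() is "self". */
EAPMethodTLS *
eap_method_tls_new (gboolean phase2)
{
    return (EAPMethodTLS *) eap_method_init (sizeof (EAPMethodTLS), phase2);
}

/* What the checks in eap-method-tls.c see: parent->phase2. */
gboolean
eap_method_tls_is_phase2 (EAPMethodTLS *self)
{
    EAPMethod *parent = (EAPMethod *) self;  /* same address as &self->parent */
    return parent->phase2;
}

int main (void)
{
    /* wireless-security.c passes FALSE here, as Gary observed. */
    EAPMethodTLS *em_tls = eap_method_tls_new (FALSE);
    printf ("phase2 = %d\n", eap_method_tls_is_phase2 (em_tls));
    free (em_tls);
    return 0;
}
```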