TTLS AVP and RADIUS value-pairs?

2003-06-24 Thread Zhou Ping
Hello,

I'm trying to make some modification to tls_handshake_recv(). As I have 
previously proposed, I'd like to extract the AVPs from the TLS packet and 
put them into the RADIUS packet. But the AVPs defined in the draft are 
represented by code-length-value triples (code is a 32-bit integer), 
whereas the value-pairs of RADIUS packet are represented by 
attribute-length-value triples (attribute is a string). I'm confused by this 
and I wonder if there is any kind of mapping between the code field of 
AVP and the attribute field of value-pair. How can I make a value-pair 
from the AVP extracted from the TLS packet?

regards,
Zhou Ping.
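
An added illustration of the AVP layout the question above refers to (not part of the original post, and not FreeRADIUS code). It assumes the Diameter-style encoding used by EAP-TTLS (32-bit code, flags byte, 24-bit length, optional Vendor-ID, padding to 4 bytes), where non-vendor codes 1 to 255 are the RADIUS attribute numbers; `struct rad_attr`, `ttls_avps_to_radius()` and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#define AVP_V 0x80 /* Vendor-ID field follows the length */
#define AVP_M 0x40 /* mandatory: fail if the AVP cannot be handled */
/* Hypothetical output record for this example, not FreeRADIUS's VALUE_PAIR. */
struct rad_attr { uint8_t type, len, value[253]; };

/* Constructed sample: User-Name (1) = "bob", Calling-Station-Id (31) = "ab12". */
static const uint8_t sample_avps[] = {
    0,0,0,1,  AVP_M, 0,0,11, 'b','o','b', 0,   /* length 11 + 1 pad byte */
    0,0,0,31, AVP_M, 0,0,12, 'a','b','1','2',
};

/* Walk the AVPs in decrypted tunnel data; return the number of RADIUS
 * attributes written to out[], or -1 on malformed or unsupported input. */
int ttls_avps_to_radius(const uint8_t *buf, size_t len,
                        struct rad_attr *out, int max_out)
{
    int n = 0;
    while (len > 0) {
        if (len < 8) return -1;                        /* truncated header */
        uint32_t code = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
                        (uint32_t)buf[2] << 8 | buf[3];
        uint8_t flags = buf[4];
        size_t avp_len = (size_t)buf[5] << 16 | (size_t)buf[6] << 8 | buf[7];
        size_t hdr = (flags & AVP_V) ? 12 : 8;
        if (avp_len < hdr || avp_len > len) return -1; /* length field lies */
        size_t dlen = avp_len - hdr;
        /* Only non-vendor codes 1..255 fit a one-byte RADIUS type. */
        if (!(flags & AVP_V) && code >= 1 && code <= 255 && dlen <= 253) {
            if (n == max_out) return -1;
            out[n].type = (uint8_t)code;
            out[n].len = (uint8_t)dlen;
            memcpy(out[n].value, buf + hdr, dlen);
            n++;
        } else if (flags & AVP_M) {
            return -1;                  /* mandatory AVP we cannot map */
        }
        size_t step = (avp_len + 3) & ~(size_t)3;      /* skip padding */
        if (step > len) step = len;     /* tolerate an unpadded last AVP */
        buf += step; len -= step;
    }
    return n;
}

int main(void)
{
    struct rad_attr a[4];
    return ttls_avps_to_radius(sample_avps, sizeof sample_avps, a, 4) != 2;
}
```

The length checks come before any copy because the AVP length is attacker-influenced data from the peer; a real server would also map the numeric type to a dictionary name rather than keep raw bytes.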

Re: Implement PEAP part 2 into Freeradius?

2003-06-16 Thread Zhou Ping
I'm working on the TTLS support, which is mostly the same as PEAP. Maybe we 
can have some discussion. As far as I know, we have to extract the AVPs 
from the TLS packet, put them into the RADIUS packet, and the next module 
you configured will handle it.

From: Xiong Lu Ying [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Implement PEAP part 2 into Freeradius?
Date: Tue, 17 Jun 2003 12:05:52 +0800
Hi, all
I want to implement the PEAP part 2 into freeradius, and the first part of 
PEAP is successful, freeradius can receive the PEAP part 2 message in the 
tls channel and decrypt it to clean data. The problem is, if I want to use 
another EAP method such as EAP/MD5 which is already in freeradius, how can 
I call that module?
Is anyone doing the same thing? Thank you for your help!

Xiong Lu Ying

Problem when implementing TTLS

2003-06-13 Thread Zhou Ping
Hello,

I have some problems when implementing the TTLS module. According to the draft, the 
client does not need to have a certificate to authenticate itself, which leads to 
phase 2 of the protocol. If the client has a proper certificate, then mutual 
authentication is achieved and there is no need for phase 2. So I think I have to 
modify the eaptls_ack_handler() to handle the Finished message. But how can I know if 
the client has already authenticated itself (i.e. it has a certificate)? Maybe I 
should also modify some of the callback functions? Thanks for any help.

regards,
Zhou Ping