I'm looking at IEEE 802.1X with EAP-TTLS.
For the EAP-TTLS I need to do the TLS handshake,
as client, and then use the resulting security
to transfer just a few messages.

The existing TLS code seems to do what I need,
and more, but it assumes talking via a file descriptor
to the other end (and offering a new fd as result).
Since I'm doing the encapsulation of messages
myself in the EAP code, I'm not sure how to deal
with this.

(Not being familiar with security code doesn't help either.)
As far as I understand my problem now, it would be
most ideal if I could use the existing code to do
the 'mechanism', but I could tell it where to write
the data that it wants to send, and I could feed
it the data that comes from the other side.

Right now the alternatives I see are:
 - write a deveap that does EAP/EAPOL transport,
   such that TLS can be on top of that
   (EAP is encapsulated in EAPOL, which is on top of Ethernet)
   (if everything is a file server, this may be the
   way to go, but more work than just hacking
   a user-level application)
 - copy what I need from the TLS code (not nice)
 - adapt tlshandle.c to offer an additional interface
   (not so easy)

I hope I'm missing something obvious.
If not, what would be the best/nicest approach?

Axel.
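As an added illustration of the EAP-side encapsulation the post says it does by hand (this is not code from the post, from libsec, or from any tlshandle.c interface): framing a TLS flight into EAP-TTLS Response fragments, with the EAP header per RFC 3748 and the EAP-TTLS type, L/M flag bits and 4-byte TLS Message Length per RFC 5281 (version 0). The 100-byte input is a constructed byte pattern, not real TLS, and the eap_ttls_* names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { EAP_RESPONSE = 2, EAP_TYPE_TTLS = 21, FLAG_L = 0x80, FLAG_M = 0x40 };

/* One EAP-TTLS Response carrying tls[0..n). The first fragment sets L and
 * carries the 4-byte total TLS length; M is set while more fragments follow.
 * Returns the packet length written to out, or -1 if it does not fit. */
int eap_ttls_pack(uint8_t id, const uint8_t *tls, size_t n, uint32_t total,
                  int first, int more, uint8_t *out, size_t outcap)
{
    size_t hdr = first ? 10 : 6;  /* Code, Id, Length(2), Type, Flags[, TLS len(4)] */
    size_t len = hdr + n;
    if (len > 0xffff || len > outcap) return -1;
    out[0] = EAP_RESPONSE;  out[1] = id;
    out[2] = (uint8_t)(len >> 8);  out[3] = (uint8_t)len;
    out[4] = EAP_TYPE_TTLS;  out[5] = (first ? FLAG_L : 0) | (more ? FLAG_M : 0);
    if (first) {                  /* TLS Message Length, big-endian */
        out[6] = (uint8_t)(total >> 24);  out[7] = (uint8_t)(total >> 16);
        out[8] = (uint8_t)(total >> 8);   out[9] = (uint8_t)total;
    }
    memcpy(out + hdr, tls, n);
    return (int)len;
}

/* Split a TLS flight into EAP-TTLS fragments of at most mtu bytes, written back
 * to back into out; lens[i] gets fragment i's size. Returns the count, or -1. */
int eap_ttls_fragment(uint8_t id, const uint8_t *tls, uint32_t total, size_t mtu,
                      uint8_t *out, size_t outcap, size_t *lens, int maxfrags)
{
    size_t off = 0, used = 0;
    int count = 0;
    while (off < total) {
        size_t hdr = off == 0 ? 10 : 6, n = total - off;
        if (mtu <= hdr || count == maxfrags) return -1;
        if (n > mtu - hdr) n = mtu - hdr;     /* largest payload that fits the MTU */
        int len = eap_ttls_pack(id, tls + off, n, total, off == 0, off + n < total,
                                out + used, outcap - used);
        if (len < 0) return -1;
        lens[count++] = (size_t)len;
        used += (size_t)len;  off += n;
    }
    return count;
}

/* Constructed 100-byte stand-in for a TLS flight (not real TLS), split at MTU 50. */
static uint8_t g_out[512];  static size_t g_lens[8];
int demo_fragments(void)
{
    uint8_t tls[100];
    for (size_t i = 0; i < sizeof tls; i++) tls[i] = (uint8_t)i;
    return eap_ttls_fragment(0x42, tls, sizeof tls, 50, g_out, sizeof g_out, g_lens, 8);
}
```

With a 50-byte MTU the 100 bytes become three packets: 50 (L|M set, TLS length 100), 50 (M set) and 22 (no flags), which is the sequence the EAP code has to shuttle one Request/Response round trip at a time.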
