On Wed, Jun 17, 2009 at 3:18 PM, Simon Josefsson<[email protected]> wrote: > Using GnuTLS in more EAP environments would be good, it has seen too > little testing there.
Talking of which.. Are there any plans on adding support for TLS Session Ticket (RFC 5077) into GnuTLS? It (or well, a bit modified version of it) would be needed to be able to implement EAP-FAST. I finally got the needed patch to do this into OpenSSL, but if I've understood correctly, this functionality is missing from GnuTLS and consequently, no EAP-FAST support with it is currently possible. By the way, http://www.gnu.org/software/gnutls/comparison.html could be updated to say that OpenSSL does support session tickets if seeing GnuTLS as the only row with red here would motivate someone to work on this ;-). wpa_supplicant and hostapd can be used with GnuTLS to implement EAP peer and server functionality for EAP-TLS, EAP-PEAP, and EAP-TTLS. Some Linux distros may even build these by default with GnuTLS, but I would assume that OpenSSL is used in most cases. It might even be possible to use the FreeRADIUS eap2 module and link that with the EAP server code from hostapd built with GnuTLS if someone is looking for an odd hack of using GnuTLS with FreeRADIUS. - Jouni _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
