On Thu, 2011-12-29 at 11:27 +0800, Gary Ching-Pang Lin wrote:
> Hi all,
>
> I read the source code of network-manager-applet recently and
> have some questions about the eap-method-tls.c.
>
> In eap-method-tls.c, there are several checks for the variable
> "phase2" which isn't used in ttls or peap, and the variable is
> initialized in eap_method_tls_new() and is never changed afterward.
> However, I found that eap_method_tls_new() is called only in
> wireless-security.c, and "phase2" is set to FALSE explicitly.
> In other words, the phase2 functions in eap-method-tls.c were
> never used.
>
> Here are my questions.
> 1) Why is "phase2" declared but never used? For any further plan
> or just a legacy of some old code?

It's actually used. The EAPMethod things are lightweight objects but don't use GObject, just plain C structures. So what's going on there is that phase2 gets passed into eap_method_tls_new() and then that is passed to the call to eap_method_init(). The object returned from that call is actually the EAPMethodTLS, or "self". Anywhere in that file you see EAPMethod/parent that means the EAPMethodTLS->parent, so the phase2 passed in here actually shows up as parent->phase2 throughout the file.

It could be clearer if these were actually GObjects I suppose, since that's a standard understandable mechanism, instead of the pseudo-object stuff that I wrote here long ago.

> 2) Under what condition will EAP-TLS be used as "Phase 2"?
> I googled related documents but only found the Phase 2 auth
> methods for PEAP and TTLS.

TTLS-TLS is a valid method: TTLS for the outer tunnel, and TLS for the inner tunnel. I've also heard that PEAP-TLS is used though that's a pretty pointless setup. Basically, TLS is a valid inner tunnel (i.e., "phase2" method).

Dan
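The struct-embedding pattern described in the reply, as an added example that is not network-manager-applet code: the base struct sits first in the subclass, the init routine allocates the subclass size and stores phase2 in the base part, and later code reads it back as parent.phase2. All type and function names here (Method, MethodTLS, method_init, method_tls_new, method_tls_cert_key) are hypothetical simplifications, and the key strings are illustrative.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the base "EAPMethod" structure. */
typedef struct {
    const char *name;
    int phase2;            /* nonzero: method runs inside a TTLS/PEAP tunnel */
} Method;

/* Hypothetical stand-in for "EAPMethodTLS". The base struct must be the
 * first member so a Method* and a MethodTLS* point at the same address. */
typedef struct {
    Method parent;
    const char *client_cert;
} MethodTLS;

/* Base initializer: allocates obj_size bytes (the subclass size, not
 * sizeof(Method)) and fills in only the base fields, including phase2. */
Method *method_init(size_t obj_size, const char *name, int phase2)
{
    Method *m;

    if (obj_size < sizeof(Method))   /* too small to hold the base part */
        return NULL;
    m = calloc(1, obj_size);
    if (m == NULL)
        return NULL;
    m->name = name;
    m->phase2 = phase2;
    return m;
}

/* Subclass constructor: phase2 is never stored in MethodTLS itself,
 * it is only handed down to the base initializer. */
MethodTLS *method_tls_new(int phase2, const char *client_cert)
{
    MethodTLS *self = (MethodTLS *) method_init(sizeof(MethodTLS), "tls", phase2);

    if (self == NULL)
        return NULL;
    self->client_cert = client_cert;
    return self;
}

/* The flag set at construction decides whether the certificate is written
 * as an outer (phase 1) or inner (phase 2) credential. */
const char *method_tls_cert_key(const MethodTLS *self)
{
    return self->parent.phase2 ? "phase2-client-cert" : "client-cert";
}
```

A caller that builds TLS as the inner method of TTLS would pass a nonzero phase2 to the constructor; a caller that only ever passes FALSE never exercises the phase2 branches.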
