2012/1/6 Dan Williams <[email protected]>:
> On Thu, 2011-12-29 at 11:27 +0800, Gary Ching-Pang Lin wrote:
>> Hi all,
>>
>> I read the source code of network-manager-applet recently and
>> have some questions about the eap-method-tls.c.
>>
>> In eap-method-tls.c, there are several checks for the variable
>> "phase2" which isn't used in ttls or peap, and the variable is
>> initialized in eap_method_tls_new() and is never changed afterward.
>> However, I found that eap_method_tls_new() is called only in
>> wireless-security.c, and "phase2" is set to FALSE explicitly.
>> In other words, the phase2 functions in eap-method-tls.c were
>> never used.
>>
>> Here are my questions.
>> 1) Why "phase2" is declared but never used? For any further plan
>> or just a legacy of some old code?
>
> It's actually used. The EAPMethod things are lightweight objects but
> don't use GObject, just plain C structures. So what's going on there is
> that phase2 gets passed into eap_method_tls_new() and then that is
> passed to the call to eap_method_init(). The object returned from that
> call is actually the EAPMethodTLS, or "self". Anywhere in that file you
> see EAPMethod/parent that means the EAPMethodTLS->parent, so the phase2
> passed in here actually shows up as parent->phase2 throughout the file.
>
Thanks for the explanation. What's confusing me is that
eap_method_tls_new() only appears in wireless-security.c besides
eap-method-tls.*:

    em_tls = eap_method_tls_new (sec, connection, FALSE, secrets_only);

The statement assigns FALSE to phase2 explicitly. So even there are
checks for phase2 in eap-method-tls.c, the variable is always FALSE,
and the phase2 checks become kind of meaningless.

> It could be clearer if these were actually GObjects I suppose, since
> that's a standard understandable mechanism, instead of the pseudo-object
> stuff that I wrote here long ago.
>
>> 2) In what condition EAP-TLS will be used as "Phase 2"?
>> I googled related documents but only found the Phase 2 auth
>> methods for PEAP and TTLS.
>
> TTLS-TLS is a valid method: TTLS for the outer tunnel, and TLS for the
> inner tunnel. I've also heard that PEAP-TLS is used though that's a
> pretty pointless setup. Basically, TLS is a valid inner tunnel (ie,
> "phase2" method).
>
Ah, then that makes sense, though TTLS-TLS/PEAP-TLS seems too
complicated for a normal user :-p

Gary Lin
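
Added example, not part of the original messages and not NetworkManager's own code: a minimal C sketch of the parent-struct pattern described in the quoted reply, where the phase2 argument given to the constructor is stored in the embedded parent and every later check reads it back through the parent. The type and function names (Method, MethodTLS, method_init, method_tls_new, method_tls_client_cert_key) and the key-selection logic are hypothetical; the two key strings are property names of NetworkManager's 802.1X setting.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical base type: a plain C struct, no GObject involved. */
typedef struct Method {
    bool phase2;                      /* true: used as the inner (tunnelled) method */
    void (*destroy)(struct Method *);
} Method;

/* Hypothetical TLS "subclass". The parent must be the first member so that
 * a MethodTLS pointer and its Method pointer are the same address. */
typedef struct {
    Method parent;
    const char *identity;
} MethodTLS;

static void method_destroy(Method *m) { free(m); }

/* Allocates obj_size bytes (the size of the subclass) and fills in the
 * parent fields; the caller casts the result to the subclass type. */
Method *method_init(size_t obj_size, bool phase2) {
    if (obj_size < sizeof(Method)) return NULL;   /* too small to hold the parent */
    Method *m = calloc(1, obj_size);
    if (m == NULL) return NULL;
    m->phase2 = phase2;
    m->destroy = method_destroy;
    return m;
}

MethodTLS *method_tls_new(const char *identity, bool phase2) {
    MethodTLS *self = (MethodTLS *)method_init(sizeof(MethodTLS), phase2);
    if (self != NULL) self->identity = identity;
    return self;
}

/* The flag is never stored in MethodTLS itself; it is read via the parent. */
const char *method_tls_client_cert_key(const MethodTLS *self) {
    return self->parent.phase2 ? "phase2-client-cert" : "client-cert";
}

int main(void) {
    MethodTLS *outer = method_tls_new("user@example.org", false); /* constructed sample */
    MethodTLS *inner = method_tls_new("user@example.org", true);
    if (outer == NULL || inner == NULL) return 1;
    printf("outer: %s\ninner: %s\n", method_tls_client_cert_key(outer),
           method_tls_client_cert_key(inner));
    outer->parent.destroy(&outer->parent);
    inner->parent.destroy(&inner->parent);
    return 0;
}
```

With a constructor call that always passes false, as in the call quoted above, only the "client-cert" branch is ever taken.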
