From 1296e4eacb456a509010033b82f19afe4dc7f224 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Wed, 1 Jun 2022 09:05:48 -0700 Subject: [PATCH] auto-t: allow wildcard phase1 for EAP tests This allows the EAP tests to pass, but the fix really needs to be in hostapd itself. Hostapd currently tries to lookup the EAP session immediately after receiving EAPOL_REAUTH. This uses the identity it has stored which, in the case of PEAP/TTLS, will always be a phase2 identity. During this initial lookup hostapd hard codes the identity to be phase1 which is not true for PEAP/TTLS, and the lookup fails. --- autotests/misc/secrets/eap-user.text | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/autotests/misc/secrets/eap-user.text b/autotests/misc/secrets/eap-user.text index 6f64b2f8..a34726d4 100644 --- a/autotests/misc/secrets/eap-user.text +++ b/autotests/misc/secrets/eap-user.text @@ -20,3 +20,8 @@ "ttls-mschapv2-phase2@example.com" TTLS-MSCHAPV2 "Password" [2] "ttls-pap-phase2@example.com" TTLS-PAP "Password" [2] "112345678@phonesim.org" SIM [2] + +# TODO: Hostapd is broken with phase1 lookups for reauthentication. +# Allowing a wildcard phase1 for PEAP/TTLS is a stop gap until +# hostapd is actually fixed. +* PEAP,TTLS
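Review bot: The added `* PEAP,TTLS` line at the end of eap-user.text is a phase1 wildcard in a secrets file under autotests/misc, so it applies to every test that uses this file, not only the reauthentication case the commit message describes. With it in place any outer identity is accepted for PEAP/TTLS, so a test that relies on an unknown phase1 identity being rejected would no longer exercise that path. Consider moving the wildcard into a user file used only by the reauthentication tests, or listing the specific phase2 identities that hostapd looks up as phase1 entries instead of `*`. The TODO comment would also be easier to act on if it named the hostapd behaviour from the commit message (the lookup after EAPOL_REAUTH uses the stored phase2 identity but is hard coded as phase1) and stated that the line should be removed once hostapd is fixed. Minor style point: "stop gap" in the comment should be "stopgap".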