Interworking: Add credential realm to EAP-TLS identity
If the configured credential includes a username without '@' (i.e., no realm) in it and a realm, combine these to form the EAP-Request/Identity value as "<username>@<realm>" for EAP-TLS. This was already done for EAP-TTLS as part of the anonymous NAI conversion, but EAP-TLS could have ended up using a username without any realm information which would be unlikely to work properly with roaming cases. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
8b29661192
commit
c6c29be1bd
1 changed files with 18 additions and 1 deletions
|
@ -1451,7 +1451,24 @@ static int interworking_set_eap_params(struct wpa_ssid *ssid,
|
||||||
os_free(anon);
|
os_free(anon);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (cred->username && cred->username[0] &&
|
if (!ttls && cred->username && cred->username[0] && cred->realm &&
|
||||||
|
!os_strchr(cred->username, '@')) {
|
||||||
|
char *id;
|
||||||
|
size_t buflen;
|
||||||
|
int res;
|
||||||
|
|
||||||
|
buflen = os_strlen(cred->username) + 1 +
|
||||||
|
os_strlen(cred->realm) + 1;
|
||||||
|
|
||||||
|
id = os_malloc(buflen);
|
||||||
|
if (!id)
|
||||||
|
return -1;
|
||||||
|
os_snprintf(id, buflen, "%s@%s", cred->username, cred->realm);
|
||||||
|
res = wpa_config_set_quoted(ssid, "identity", id);
|
||||||
|
os_free(id);
|
||||||
|
if (res < 0)
|
||||||
|
return -1;
|
||||||
|
} else if (cred->username && cred->username[0] &&
|
||||||
wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
|
wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue