Changed PEAPv0 cryptobinding to be disabled by default

author Jouni Malinen <jouni.malinen@atheros.com>

Thu, 20 Nov 2008 10:49:34 +0000 (12:49 +0200)

committer Jouni Malinen <j@w1.fi>

Thu, 20 Nov 2008 10:49:34 +0000 (12:49 +0200)
author Jouni Malinen <jouni.malinen@atheros.com>
Thu, 20 Nov 2008 10:49:34 +0000 (12:49 +0200)
committer Jouni Malinen <j@w1.fi>
Thu, 20 Nov 2008 10:49:34 +0000 (12:49 +0200)
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h

index bd526ff7eb6d68499e24e8e166dd673b993a9125..f6126bb9c930f9ed318e4eda00ab6647034aab41 100644 (file)
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -353,8 +353,8 @@ struct eap_peer_config {
          *
          * crypto_binding option can be used to control PEAPv0 cryptobinding
          * behavior:
-        * 0 = do not use cryptobinding
-        * 1 = use cryptobinding if server supports it (default)
+        * 0 = do not use cryptobinding (default)
+        * 1 = use cryptobinding if server supports it
          * 2 = require cryptobinding
          */
         char *phase1;
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c

index 3af888c86f194be99a1d06140f0470d3bdca125f..a350448a8f233abbb108b78866fb3a64de0393ca 100644 (file)
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -140,7 +140,7 @@ static void * eap_peap_init(struct eap_sm *sm)
         data->peap_version = EAP_PEAP_VERSION;
         data->force_peap_version = -1;
         data->peap_outer_success = 2;
-       data->crypto_binding = OPTIONAL_BINDING;
+       data->crypto_binding = NO_BINDING;
  
         if (config && config->phase1 &&
             eap_peap_parse_phase1(data, config->phase1) < 0) {
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf

index 44dc3a17a143176d821a4ee9cc6fd33aa6b9645a..dd4f57979648fc1dd3c1a04b2e7dac47e111573d 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -394,8 +394,8 @@ fast_reauth=1
  #      protected result indication.
  #      'crypto_binding' option can be used to control PEAPv0 cryptobinding
  #      behavior:
-#       * 0 = do not use cryptobinding
-#       * 1 = use cryptobinding if server supports it (default)
+#       * 0 = do not use cryptobinding (default)
+#       * 1 = use cryptobinding if server supports it
  #       * 2 = require cryptobinding
  # phase2: Phase2 (inner authentication with TLS tunnel) parameters
  #      (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
author	Jouni Malinen <jouni.malinen@atheros.com>
	Thu, 20 Nov 2008 10:49:34 +0000 (12:49 +0200)
committer	Jouni Malinen <j@w1.fi>
	Thu, 20 Nov 2008 10:49:34 +0000 (12:49 +0200)
src/eap_peer/eap_config.h		patch \| blob \| blame \| history
src/eap_peer/eap_peap.c		patch \| blob \| blame \| history
wpa_supplicant/wpa_supplicant.conf		patch \| blob \| blame \| history