alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
esp-idf/components/wpa_supplicant
History
Kapil Gupta 6f9cc06b30 fix(wpa_supplicant): (PEAP client) Update Phase 2 auth requirements 
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases
2024-03-15 13:22:10 +05:30
..
esp_supplicant
fix(esp_wifi): Reduce memory footprint for scan when SAE-PK is enabled
2024-03-13 10:48:07 +05:30
include/utils
wpa_supplicant: Add WPS registrar support for softAP mode
2022-05-24 12:11:53 +05:30
port
esp_wifi: Bugfix concurrency observed while doing eloop register
2023-07-04 09:42:18 +05:30
src
fix(wpa_supplicant): (PEAP client) Update Phase 2 auth requirements
2024-03-15 13:22:10 +05:30
test
ci(esp_wifi): unit test for fast PBKDF2 validation
2023-09-13 16:33:19 +08:00
CMakeLists.txt
fix(esp_wifi): Reduce memory footprint for scan when SAE-PK is enabled
2024-03-13 10:48:07 +05:30
COPYING
change(esp_wifi): Update copyright info for wpa_supplicant
2023-08-24 10:05:39 +05:30
linker.lf
fix(wifi): Add support to move supplicant BSS to external memory
2024-01-27 10:54:26 +05:30
README
wpa_supplicant: bypass sonar checks for upstream code
2021-07-22 14:12:22 +08:00
README.md
esp_wifi: Merge wpa_supplicant and esp_wifi Kconfig
2023-02-11 07:38:45 +08:00

README.md

'wpa_supplicant'

This component contains the upstream wpa_supplicant ported for ESP family of platforms. The code is tightly coupled with esp_wifi component which has ESP WiFi libraries and header files that are used in ported supplicant.

ESP uses MbedTLS as crypto library therefore MbedTLS component is also required for some features to work(see ESP_WIFI_MBEDTLS_CRYPTO).

To port it for different OS, esp_wifi and wpa_supplicant should be picked up a whole system(preferably with MbedTLS if we want all features to work.)