Support TTLS-PAP - Githubissues

espressif / arduino-esp32

Arduino core for the ESP32

GNU Lesser General Public License v2.1

13.53k stars 7.39k forks source link

Support TTLS-PAP #6427

Closed hgshoggins closed 2 years ago

hgshoggins commented 2 years ago

Related area

Wifi

Hardware specification

ESP32

Is your feature request related to a problem?

We're missing the EAP-TTLS + PAP, as it's clearly stated in esp_wpa2.h that

@attention 2. wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method.

A lot of corporate/student networks support/require PAP.

Describe the solution you'd like

Support PAP as PHASE2 like it is offered in the esp_eap_ttls_phase2_types ENUM:

typedef enum {
    ESP_EAP_TTLS_PHASE2_EAP,
    ESP_EAP_TTLS_PHASE2_MSCHAPV2,
    ESP_EAP_TTLS_PHASE2_MSCHAP,
    ESP_EAP_TTLS_PHASE2_PAP,
    ESP_EAP_TTLS_PHASE2_CHAP
} esp_eap_ttls_phase2_types ;

Describe alternatives you've considered

None, we need PAP.

Additional context

No response

I have checked existing list of Feature requests and the Contribution Guide

[X] I confirm I have checked existing list of Feature requests and Contribution Guide.

me-no-dev commented 2 years ago

Will https://github.com/espressif/arduino-esp32/pull/6398 resolve the issue?

VojtechBartoska commented 2 years ago

Hello @hgshoggins, any chance you take a look on mentioned PR above?

hgshoggins commented 2 years ago

I'd love to, but actually I'm not sure how I can manage to do so. Ideally, I would work directly from published upstream master. Unless you guide me on how to work from that PR, but that's out of the scope of these comments, and I'm afraid I don't have time/skills for that.

Clearly, here is what is at stake right now: I have a WiFi network to which I connect machines (Linux + Windows + Android) authenticating to a RADIUS server through EAP-TTLS (PAP for Phase2), and I can see it's not working with my ESP32, but that's all I can debug (as well as the RADIUS server's debug log saying the ESP32 is refusing the EAP type). And noting that, the comment in the code saying that only TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 methods are supported pointed me here in the Issues section. But I might not be your best chance to debug further.

I hope someone else can.

VojtechBartoska commented 2 years ago

Thanks for your fast answer @hgshoggins, to validate your issue you can just download version 2.0.3-RC1 we released yesterday and it includes mentioned PR.

To do so, you need to change link in Arduino IDE settings to development release link, take a look here on installing guide.

If there is something unclear, don't hesitate to ask :)

VojtechBartoska commented 2 years ago

Hello,

as there was no answer in more than 14 days, I'm closing the issue as expired to keep our backlog manageable.

If it's still needed, please reopen the issue.

Thanks for understanding.