Closed jornane closed 3 years ago
jornane
commented
3 years ago Apparently, this is not entirely correct.
This opposite from what we expect
jornane
commented
3 years ago I have been able reproduce this by downloading a profile with TTLS-EAP-MSCHAPv2, as triggered by this CAT bug. I have not been able to trigger this using corrected profiles, where TTLS-EAP-MSCHAPv2 is replaced by TTLS-MSCHAPv2. ~I think HS20 does not support TTLS at all, regardless if EAP is sandwiched in there, so the code checking HS20 support should probably be updated.~
pbsds
commented
3 years ago EapConfig.AuthMethod.Hs2AuthMethod should decide this behavior. Otherwise the hs2 logic lies in EduroamNetwork. InstallSomething
jornane
commented
3 years ago Apparently this is simply the known XML schema validation failures, which should not be possible, but was possible anyway because ProfileXml.SupportsHs2 never actually called UserDataXml.IsSupported(authMethod).
I've debugged this a bit with @pauldekkers and we found that Windows will allow you to configure any AuthMethod for HS20 that it allows for SSID. We didn't test this yet, but it seems promising. I'll make a PR to remove special checks for HS20 but to also make sure that an unsupported AuthMethod cannot sneak in.
In a profile that supports both PEAP and TTLS but prefers PEAP, the application will attempt to configure HS20 with PEAP, which is not possible, and so
WlanSetProfileEapXmlUserDatafails with the undocumented error57893(or0xE225)In this situation, the SSID must be configured with PEAP and HS20 must be configured with TTLS.