>>>>> "Cantor," == Cantor, Scott E <[log in to unmask]> writes:
Cantor,> Where do the constraints in libeap come from? What API is
Cantor,> it using that limits the options?
Purely internal.
The methods that handle TLS (eap-ttls, eap-tls, peap and leap) each have
their own interaction with the TLS layer. There is a common
configuration for the server certificate that supports specificed CA,
directory containing CAs, Windows cert store, and hash of server cert.
There appear to be no APIs (and a number of abstraction in the way) to
get the server cert that was actually used.
Clearly libeap could be modified to be more flexible.
|