9fans - fans of the OS Plan 9 from Bell Labs
From: Axel Belinfante <Axel.Belinfante@cs.utwente.nl>
To: 9fans@cse.psu.edu
Subject: [9fans] how to reuse tls for eap-(t)tls for 802.1x?
Date: Mon,  8 Aug 2005 09:01:17 +0200
Message-ID: <200508080701.j7871H225258@zamenhof.cs.utwente.nl>

I'm looking at ieee 802.1x with eap-ttls.
for the eap-ttls I need to do the tls handshake,
as client, and then use the resulting security
to transfer just a few messages.

The existing tls code seems to do what I need,
and more, but it assumes talking via a file descriptor
to the other end (and offering a new fd as result).
since I'm doing the encapsulation of messages
myself in the eap code, I'm not sure how to deal
with this.

(not being familiar with security code doesn't help either)
as far as I understand my problem now, it would be
most ideal if I could use the existing code to do
the 'mechanism', but I could tell it where to write
the data that it wants to send, and I could feed
it the data that comes from the other side.

Right now the alternatives I see are:
 - write a deveap that does eap/eapol transport,
   such that tls can be on top of that
   (eap is encapsulated in eapol which is on top of ethernet)
   (if everything is a file server, this may be the
   way to go, but more work than just hacking
   a user-level application)
 - copy what I need from the tls code (not nice)
 - adapt tslhandle.c to offer an additional interface
   (not so easy)

I hope I'm missing something obvious.
If not, what would be the best/nicest approach?

Axel.
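
Added example, not part of the original message and not Plan 9 code: the interface shape asked for above (the caller collects what TLS wants to send and feeds in what arrives from the other side), sketched with Python's `ssl.MemoryBIO`, plus the wrapping of those bytes in an EAP-Response of type EAP-TTLS. The class and function names and the server name `radius.example` are constructed for illustration, and a single unfragmented EAP packet is assumed.

```python
import ssl
import struct

EAP_RESPONSE = 2      # EAP Code field: Response
EAP_TYPE_TTLS = 21    # EAP method type number for EAP-TTLS
FLAG_LENGTH = 0x80    # L flag: a 4-byte TLS message length follows the flags


class MemoryTlsClient:
    """TLS client that reads and writes memory buffers instead of a socket."""

    def __init__(self, server_name):
        self.incoming = ssl.MemoryBIO()  # bytes received from the peer go in
        self.outgoing = ssl.MemoryBIO()  # bytes TLS wants to send come out
        # Certificate and hostname verification stay enabled (the default);
        # real use would also load the CA that signs the server certificate.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_hostname=server_name)
        self.done = False

    def step(self, received=b""):
        """Feed bytes from the peer, advance the handshake, return bytes to send."""
        if received:
            self.incoming.write(received)
        try:
            self.tls.do_handshake()
            self.done = True
        except ssl.SSLWantReadError:
            pass  # TLS is waiting for more data from the other side
        return self.outgoing.read()


def eap_ttls_response(identifier, tls_bytes):
    """Wrap TLS bytes in one unfragmented EAP-Response/EAP-TTLS packet."""
    body = struct.pack("!BBI", EAP_TYPE_TTLS, FLAG_LENGTH, len(tls_bytes))
    body += tls_bytes
    # The EAP Length field covers the 4-byte header plus type, flags and data.
    return struct.pack("!BBH", EAP_RESPONSE, identifier, 4 + len(body)) + body


if __name__ == "__main__":
    client = MemoryTlsClient("radius.example")  # constructed server name
    hello = client.step()                       # first flight: ClientHello
    packet = eap_ttls_response(1, hello)
    print(len(hello), "TLS bytes in a", len(packet), "byte EAP packet")
```

Each later call to `step()` takes the TLS bytes unwrapped from the next EAP-Request and returns the bytes for the next EAP-Response, until `done` becomes true.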

