From: Axel Belinfante
To: 9fans@cse.psu.edu
Date: Mon, 8 Aug 2005 09:01:17 +0200
Subject: [9fans] how to reuse tls for eap-(t)tls for 802.1x?

I'm looking at ieee 802.1x with eap-ttls. For the eap-ttls I need to do the tls handshake, as client, and then use the resulting security to transfer just a few messages.

The existing tls code seems to do what I need, and more, but it assumes talking via a file descriptor to the other end (and offering a new fd as result). Since I'm doing the encapsulation of messages myself in the eap code, I'm not sure how to deal with this. (Not being familiar with security code doesn't help either.)

As far as I understand my problem now, it would be most ideal if I could use the existing code to do the 'mechanism', but I could tell it where to write the data that it wants to send, and I could feed it the data that comes from the other side.

Right now the alternatives I see are:

- write a deveap that does eap/eapol transport, such that tls can be on top of that (eap is encapsulated in eapol which is on top of ethernet) (if everything is a file server, this may be the way to go, but more work than just hacking a user-level application)
- copy what I need from the tls code (not nice)
- adapt tlshandle.c to offer an additional interface (not so easy)

I hope I'm missing something obvious. If not, what would be the best/nicest approach?

Axel.
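The following is an added example, not part of Axel's message and not code from Plan 9's libsec; it is written in Python rather than Plan 9 C so that it runs anywhere. It shows the two halves of the problem the message describes: the EAP-TTLS/EAP/EAPOL framing (RFC 5281, RFC 3748, IEEE 802.1X field layouts; the Ethernet header with ethertype 0x888E is left out), including fragmentation of a TLS message across several EAP packets and reassembly on the other side, and the fd-shim glue that is one way to keep an fd-based TLS library untouched: hand the TLS code one end of a socketpair (or pipe) and let it read and write that like any fd, while the EAP code owns the other end and converts bytes to frames and back. `SAMPLE_TLS` is a constructed stand-in for what the TLS code would write, not real TLS traffic; the request/ACK lock-step of a live EAP exchange is described in comments only, and identifiers are assigned sequentially where a real peer would echo the authenticator's ACK identifier.

```python
import socket
import struct

# EAP-TTLS (RFC 5281 sect. 9.1) inside EAP (RFC 3748) inside EAPOL (IEEE 802.1X).
# On-the-wire constants; the Ethernet header around EAPOL is left out.
EAPOL_VERSION = 1
EAPOL_TYPE_EAP_PACKET = 0
EAP_CODE_REQUEST, EAP_CODE_RESPONSE = 1, 2
EAP_TYPE_TTLS = 21
TTLS_FLAG_L, TTLS_FLAG_M, TTLS_FLAG_S = 0x80, 0x40, 0x20   # Length, More, Start

# Constructed stand-in for a TLS message the fd-based TLS code would write.
SAMPLE_TLS = b"\x16\x03\x01" + bytes(range(256)) * 10        # 2563 bytes


def eap_ttls_packet(code, identifier, flags, data=b"", total_len=0):
    """Build one EAP-TTLS packet: EAP header, type 21, flags byte, an optional
    4-byte total TLS message length (only when L is set), then TLS data."""
    body = struct.pack("!B", flags)
    if flags & TTLS_FLAG_L:
        body += struct.pack("!I", total_len)
    body += data
    length = 5 + len(body)                  # Code, Identifier, Length(2), Type
    return struct.pack("!BBHB", code, identifier, length, EAP_TYPE_TTLS) + body


def eapol_frame(eap_packet):
    """Wrap an EAP packet in an EAPOL EAP-Packet header."""
    return struct.pack("!BBH", EAPOL_VERSION, EAPOL_TYPE_EAP_PACKET,
                       len(eap_packet)) + eap_packet


def eapol_unwrap(frame):
    """Strip the EAPOL header, refusing anything that is not an EAP-Packet."""
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_TYPE_EAP_PACKET or body_len != len(frame) - 4:
        raise ValueError("not a well-formed EAPOL EAP-Packet frame")
    return frame[4:]


def fragment_tls(tls_bytes, code, first_id, eap_mtu):
    """Split one TLS message into EAP-TTLS packets no larger than eap_mtu.
    The first fragment carries L plus the total length; every fragment but
    the last carries M.  In a live exchange each fragment after the first
    answers the peer's ACK and echoes that ACK's identifier; sequential
    identifiers stand in for that here."""
    packets, offset, ident = [], 0, first_id
    while True:
        flags = TTLS_FLAG_L if offset == 0 else 0
        room = eap_mtu - 6 - (4 if flags & TTLS_FLAG_L else 0)
        chunk = tls_bytes[offset:offset + room]
        offset += len(chunk)
        if offset < len(tls_bytes):
            flags |= TTLS_FLAG_M
        packets.append(eap_ttls_packet(code, ident, flags, chunk, len(tls_bytes)))
        ident = (ident + 1) & 0xFF
        if offset >= len(tls_bytes):
            return packets


class TtlsReassembler:
    """Collects EAP-TTLS fragments until the announced length is complete."""

    def __init__(self):
        self.expected = None
        self.buf = bytearray()

    def feed(self, eap_packet):
        """Returns (tls_message or None, is_control).  is_control is True for
        a packet with no TLS data, i.e. an ACK or a Start; malformed or
        length-inconsistent input raises ValueError instead of being trusted."""
        if len(eap_packet) < 6:
            raise ValueError("EAP-TTLS packet too short")
        _code, _ident, length, eap_type = struct.unpack("!BBHB", eap_packet[:5])
        if length != len(eap_packet) or eap_type != EAP_TYPE_TTLS:
            raise ValueError("not a well-formed EAP-TTLS packet")
        flags, pos = eap_packet[5], 6
        if flags & TTLS_FLAG_L:
            (self.expected,) = struct.unpack("!I", eap_packet[pos:pos + 4])
            pos += 4
        data = eap_packet[pos:]
        if not data:
            return None, True               # ACK (flags 0) or Start (S set)
        self.buf += data
        if self.expected is not None and len(self.buf) > self.expected:
            raise ValueError("fragment data exceeds announced TLS length")
        if flags & TTLS_FLAG_M:
            return None, False              # sender would now expect our ACK
        if self.expected is not None and len(self.buf) != self.expected:
            raise ValueError("final fragment but TLS length does not match")
        msg, self.buf, self.expected = bytes(self.buf), bytearray(), None
        return msg, False


def _recv_exactly(sock, n):
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return bytes(buf)


def roundtrip(tls_blob, eap_mtu):
    """Constructed demo of the fd-shim idea: the fd-based TLS code holds one end
    of a socketpair and only reads/writes it; the EAP code owns the other end,
    fragments what comes out into EAPOL frames, and the receiving EAP code
    reassembles them and writes the bytes into its own TLS code's fd.
    Only one direction of the lock-step exchange is shown."""
    tls_side, eap_side = socket.socketpair()
    tls_side.sendall(tls_blob)                         # what tlsClient() would write
    pending = _recv_exactly(eap_side, len(tls_blob))   # real shim reads whatever is there
    frames = [eapol_frame(p)
              for p in fragment_tls(pending, EAP_CODE_RESPONSE, 1, eap_mtu)]

    peer_tls_side, peer_eap_side = socket.socketpair()
    reasm = TtlsReassembler()
    for frame in frames:                               # "over the wire"
        msg, _control = reasm.feed(eapol_unwrap(frame))
        if msg is not None:
            peer_eap_side.sendall(msg)                 # feed the peer's TLS fd
    recovered = _recv_exactly(peer_tls_side, len(tls_blob))
    for s in (tls_side, eap_side, peer_tls_side, peer_eap_side):
        s.close()
    return frames, recovered


if __name__ == "__main__":
    frames, recovered = roundtrip(SAMPLE_TLS, 1000)
    print(len(frames), "EAPOL frames,", "intact" if recovered == SAMPLE_TLS else "corrupt")
```

The reassembler deliberately refuses a final fragment whose accumulated length disagrees with the length announced in the first fragment, and any fragment that would overrun it; an implementation that simply appended and forwarded to the TLS layer would let a peer smuggle garbage or a truncated record into the handshake state machine.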