a8070e9bba
Clean-up
2016-09-02 14:07:56 +02:00
621669828b
Schannel and ownTLS MSK derivation unified
2016-09-02 14:03:34 +02:00
00aee5bb78
ownTLS updated
2016-09-02 11:38:28 +02:00
198b9a576e
Maximum packet size parameter is now optional
2016-09-02 10:19:39 +02:00
566785192a
Requirement that eap::method processes EAP packets only dropped, work with non-EAP methods simplified
2016-09-02 09:50:21 +02:00
6c11b23267
MSCHAPv2 stub added - it's a PAP clone, so selecting it does PAP really
2016-09-01 14:59:40 +02:00
56e2448f71
Clearing session resumption for ownTLS added.
...
(Have yet to learn how do you do this for Schannel. Better yet: How do you make Schannel resume a session in the first place.)
2016-09-01 14:59:03 +02:00
1e60d21860
On session reconnect skip inner re-authentication now
2016-09-01 12:49:20 +02:00
844b185887
EAP packet classes organized in hierarchy now
2016-09-01 10:25:33 +02:00
ae66af02a2
After careful review of draft-winter-opsawg-eap-metadata the pre/post-processing of <OuterIdentity> was found inaccurate and has been dropped
2016-09-01 05:54:36 +02:00
60f1b4ccfb
Pre&post-processing of XML configuration introduced to allow draft-winter-opsawg-eap-metadata-02 compliant XML profiles on the outside, while maintaining internal simplicity
2016-08-31 16:33:19 +02:00
c9be6f4f7b
Support for multiple identity providers of draft-winter-opsawg-eap-metadata XML configuration added
2016-08-31 14:39:27 +02:00
452fa4b9dc
Inserting single-occurrence XML elements with children simplified
2016-08-31 09:48:11 +02:00
68aec5dfb4
Namespace name is static member now
2016-08-31 08:43:03 +02:00
5dfd079686
Support for multi-provider management added to GUI
2016-08-31 00:36:19 +02:00
cafd786e19
Own TLS updated to keep it alive (now that the fuss around outer/inner methods settled)
2016-08-29 20:40:37 +02:00
a7c8052ee2
eap::method revised to support nesting, so the PAP method was made a stand-alone method
2016-08-29 20:05:58 +02:00
aa7c5bebda
Outer and inner TTLS credentials are combined separately now to provide finer feedback for more accurate logging (again)
2016-08-29 09:27:32 +02:00
ceece01b99
In case of previously-failed authentication attempts we are more careful now not to request credential prompt for machine authentication
2016-08-29 09:25:38 +02:00
e66a7eb9ba
dePAPization continues to pave the road for seamless MSCHAPv2 integration
2016-08-28 20:04:45 +02:00
6c66862eed
TTLS config and credentials are now expected to always have inner config and credentials object present; it can be blank, but it must not be nullptr
2016-08-28 17:43:06 +02:00
fc5e54db05
Inner configuration/credential management virtualized to reduce cluttering code
2016-08-28 17:20:24 +02:00
d20aafb3ff
Identity selection revised to support cases where TLS certificate is present but contains no usable username
2016-08-28 16:38:13 +02:00
9daa5b52a4
Incorrect letter case referencing EapHost service fixed
2016-08-27 06:58:57 +02:00
6077063599
The credentials are marked "invalid" at transition from handshake to application data phase only to prevent initial handshake problems from popping-up credential prompt when credentials have nothing to do with the connection failure.
2016-08-25 13:08:11 +02:00
d1c24efcf0
config_method_with_cred renamed to config_connection to describe it better
2016-08-24 11:39:37 +02:00
6835f5279c
Certificate (TLS) credentials support custom identity now
2016-08-24 11:03:18 +02:00
5332b538aa
Our own TLS merged back to master and compiles conditionally
2016-08-23 22:46:00 +02:00
9b997408a1
Switched to Schannel to do the TLS
2016-08-23 13:53:23 +02:00
df1d431bd0
- TLS revised (again)
...
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuate user credentials are the likely cause of the failure
- Additional log messages added
2016-08-17 11:50:34 +02:00
cabae26e0b
Flags describing handshake messages received assembled in a boolean table of flags
2016-08-17 09:01:11 +02:00
e9839706b6
TLS clean-up
2016-08-16 16:44:19 +02:00
85d7c3d4ec
Support for TLS 1.2 added
2016-08-16 00:47:47 +02:00
de802b7a28
Byte-enums redefined & code clean-up
2016-08-15 21:01:38 +02:00
d8ccf7cbc0
Credential management revised
2016-08-15 17:33:10 +02:00
e34d2ba275
Prefast declaration update
2016-08-15 15:10:42 +02:00
3d6849a523
Peer correctly returns providers configuration instead of method configuration in method_tls::get_result()
2016-08-15 14:13:14 +02:00
e807336e7b
The TLS phase can be determined from flags alone, therefore m_phase member eliminated
2016-08-15 10:40:27 +02:00
95426cde7c
Clean-up
2016-08-15 10:09:01 +02:00
92c62c53d7
16B PAP password padding added (RFC 5281)
2016-08-15 05:40:23 +02:00
99aa53726d
- PPP authentication EAP response packet is correctly formed now
...
- MS-MPPE-Send-Key/MS-MPPE-Recv-Key sorted out
2016-08-14 21:04:19 +02:00
956ef9bd4e
CryptGenRandom() return status check added
2016-08-14 16:22:59 +02:00
d1925a0704
method_tls::prf() simplified
2016-08-14 12:41:19 +02:00
a90a7722c7
PAP introduced
2016-08-13 18:56:37 +02:00
ae37c9aa6c
TLS and TTLS distinction
2016-08-13 18:55:33 +02:00
3d54c84430
method_ttls is now descendant of method_tls
2016-08-13 08:48:24 +02:00
1306c958fc
config_method_ttls is now descendant of config_method_tls
2016-08-13 08:48:01 +02:00
09924ea3d2
credentials_ttls is descendant of credentials_tls again
2016-08-13 08:36:10 +02:00
f7fdfb8dda
EAP packet type check moved to Main.cpp
2016-08-13 08:09:13 +02:00
a8c306953a
TLS work continues...
2016-08-11 15:13:50 +02:00
