Version set to 1.0-alpha12

The credentials are marked "invalid" at transition from handshake to application data phase only to prevent initial handshake problems from popping-up credential prompt when credentials have nothing to do with the connection failure.
First application data message is now appended piggyback to the last client handshake message
2016-08-25 13:10:42 +02:00 · 2016-08-25 13:08:11 +02:00 · 2016-08-25 13:00:47 +02:00 · 2016-08-25 12:58:56 +02:00 · 2016-08-25 12:57:47 +02:00 · 2016-08-25 10:46:35 +02:00
42 changed files with 2930 additions and 293 deletions
--- a/EAPMethods/MSIBuild/Makefile
+++ b/EAPMethods/MSIBuild/Makefile
--- a/EAPMethods/locale/EAPMethods.pot
+++ b/EAPMethods/locale/EAPMethods.pot
@@ -2,7 +2,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: EAPMethods\n"
-"POT-Creation-Date: 2016-06-10 12:06+0200\n"
+"POT-Creation-Date: 2016-08-25 10:43+0200\n"
 "PO-Revision-Date: 2016-06-02 12:27+0200\n"
 "Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
 "Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
@@ -11,8 +11,6 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "X-Generator: Poedit 1.8.8\n"
 "X-Poedit-Basepath: ../..\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "Language: en_US\n"
 "X-Poedit-SourceCharset: UTF-8\n"
 "X-Poedit-KeywordsList: _\n"
 "X-Poedit-SearchPath-0: lib/EAPBase_UI\n"
@@ -21,70 +19,203 @@ msgstr ""
 "X-Poedit-SearchPath-3: lib/TTLS_UI\n"
 "X-Poedit-SearchPath-4: EAPMethods\n"
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:123 lib/EAPBase_UI/res/wxEAP_UI.cpp:200
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:37
 msgid "Advanced..."
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:38
 msgid "Opens dialog with provider settings"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:174 lib/EAPBase_UI/res/wxEAP_UI.cpp:296
 msgid "Client Credentials"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:134
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:185
-msgid "Manage your credentials stored in Windows Credential Manager."
+msgid "Manage credentials used to connect."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:144
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:198
-msgid "Identity:"
+msgid "Use &own credentials:"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:149
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:199
-msgid "Enter your user name here (user@domain.org, DOMAINUser, etc.)"
+msgid "Select this option if you have your unique credentials to connect"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:159
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:204
-msgid "&Set Credentials..."
+msgid "Your credentials loaded from Windows Credential Manager"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:160
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:214
 msgid "Click here to set or modify your credentials"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:164
 msgid "&Clear Credentials"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:165
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:215
 msgid ""
 "Click to clear your credentials from Credential Manager.\n"
 "Note: You will be prompted to enter credentials when connecting."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:211
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:219 lib/EAPBase_UI/res/wxEAP_UI.cpp:252
 msgid "&Set Credentials..."
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:220 lib/EAPBase_UI/res/wxEAP_UI.cpp:253
 msgid "Click here to set or modify your credentials"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:236
 msgid "Use &pre-shared credentials:"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:237
 msgid "Select this options if all clients connect using the same credentials"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:242
 msgid "Common (pre-shared) credentials"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:307
 msgid "Please provide your user ID and password."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:221
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:317
 msgid "User ID:"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:226
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:322
 msgid "Enter your user name here (user@domain.org, DOMAIN\\User, etc.)"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:230
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:326
 msgid "Password:"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:235
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:331
 msgid "Enter your password here"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:242 lib/TLS_UI/res/wxTLS_UI.cpp:164
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:338 lib/TLS_UI/res/wxTLS_UI.cpp:183
 msgid "&Remember"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:243
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:339
 msgid "Check if you would like to save username and password"
 msgstr ""
-#: lib/PAP_UI/src/PAP_UI.cpp:41
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:361
-msgid "This method requires no additional settings."
+msgid "Your Organization"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:372
 msgid "Describe your organization to customize user prompts.  When organization is introduced, end-users find program messages easier to understand and act."
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:379
 msgid "Your organization &name:"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:384
 msgid "Your organization name as it will appear on helpdesk contact notifications"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:388
 msgid "(Keep it short, please)"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:398
 msgid "Helpdesk contact &information:"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:408
 msgid "¶"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:415
 msgid "Your helpdesk website address"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:419
 msgid "*"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:426
 msgid "Your helpdesk e-mail address"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:430
 msgid ")"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:437
 msgid "Your helpdesk phone number"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:471
 msgid "Configuration Lock"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:482
 msgid "Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:489
 msgid "&Lock this configuration and prevent any further modification via user interface."
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:492
 msgid "(Warning: Once locked, you can not revert using this dialog!)"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:88
 #, c-format
 msgid "%s Credentials"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:118
 #, c-format
 msgid "For additional help and instructions, please contact %s at:"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:120
 #, c-format
 msgid "your %ls provider"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:120
 msgid "your provider"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:139
 msgid "Open the default web browser"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:150
 msgid "Open your e-mail program"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:161
 msgid "Dial the phone number"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:180
 #, c-format
 msgid "%s has pre-set parts of this configuration. Those parts are locked to prevent accidental modification."
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:182
 #, c-format
 msgid "Your %ls provider"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:182
 msgid "Your provider"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:201
 msgid "Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."
 msgstr ""
 #: lib/TLS_UI/res/wxTLS_UI.cpp:17
@@ -132,11 +263,11 @@ msgid "Acceptable server &names:"
 msgstr ""
 #: lib/TLS_UI/res/wxTLS_UI.cpp:77
-msgid "A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed"
+msgid "A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed"
 msgstr ""
 #: lib/TLS_UI/res/wxTLS_UI.cpp:81
-msgid "(Example: foo.bar.com;*.domain.org)"
+msgid "(Example: foo.bar.com;server2.bar.com)"
 msgstr ""
 #: lib/TLS_UI/res/wxTLS_UI.cpp:120
@@ -167,48 +298,59 @@ msgstr ""
 msgid "Client certificate to use for authentication"
 msgstr ""
-#: lib/TLS_UI/res/wxTLS_UI.cpp:165
+#: lib/TLS_UI/res/wxTLS_UI.cpp:167
 msgid "Custom &identity:"
 msgstr ""
 #: lib/TLS_UI/res/wxTLS_UI.cpp:172
 msgid "Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate"
 msgstr ""
 #: lib/TLS_UI/res/wxTLS_UI.cpp:176
 msgid "(Example: user@contoso.com)"
 msgstr ""
 #: lib/TLS_UI/res/wxTLS_UI.cpp:184
 msgid "Check if you would like to save certificate selection"
 msgstr ""
-#: lib/TLS_UI/src/TLS_UI.cpp:199
+#: lib/TLS_UI/src/TLS_UI.cpp:118
 #, c-format
 msgid "Invalid character in host name found: %c"
 msgstr ""
-#: lib/TLS_UI/src/TLS_UI.cpp:199
+#: lib/TLS_UI/src/TLS_UI.cpp:118
 msgid "Validation conflict"
 msgstr ""
-#: lib/TLS_UI/src/TLS_UI.cpp:551
+#: lib/TLS_UI/src/TLS_UI.cpp:514
 msgid "Add Certificate"
 msgstr ""
-#: lib/TLS_UI/src/TLS_UI.cpp:552
+#: lib/TLS_UI/src/TLS_UI.cpp:515
 msgid "Certificate Files (*.cer;*.crt;*.der;*.p7b;*.pem)"
 msgstr ""
-#: lib/TLS_UI/src/TLS_UI.cpp:553
+#: lib/TLS_UI/src/TLS_UI.cpp:516
 msgid "X.509 Certificate Files (*.cer;*.crt;*.der;*.pem)"
 msgstr ""
-#: lib/TLS_UI/src/TLS_UI.cpp:554
+#: lib/TLS_UI/src/TLS_UI.cpp:517
 msgid "PKCS #7 Certificate Files (*.p7b)"
 msgstr ""
-#: lib/TLS_UI/src/TLS_UI.cpp:555
+#: lib/TLS_UI/src/TLS_UI.cpp:518
 msgid "All Files (*.*)"
 msgstr ""
-#: lib/TLS_UI/src/TLS_UI.cpp:571
+#: lib/TLS_UI/src/TLS_UI.cpp:534
 #, c-format
 msgid "Invalid or unsupported certificate file %s"
 msgstr ""
-#: lib/TLS_UI/src/TLS_UI.cpp:571
+#: lib/TLS_UI/src/TLS_UI.cpp:534
 #, fuzzy
 msgid "Error"
-msgstr "Napaka pri nalaganju knjižnice MSI.DLL (%1!ld!)."
+msgstr ""
 #: lib/TTLS_UI/res/wxTTLS_UI.cpp:17
 msgid "Outer Identity"
@@ -219,7 +361,7 @@ msgid "Select the user ID supplicant introduces itself as to authenticator:"
 msgstr ""
 #: lib/TTLS_UI/res/wxTTLS_UI.cpp:35
-msgid "&Same as inner identity"
+msgid "&True identity"
 msgstr ""
 #: lib/TTLS_UI/res/wxTTLS_UI.cpp:36
@@ -246,96 +388,93 @@ msgstr ""
 msgid "Custom outer identity to use"
 msgstr ""
-#: lib/TTLS_UI/src/TTLS_UI.cpp:92
+#: lib/TTLS_UI/src/Module.cpp:231 lib/TTLS_UI/src/Module.cpp:241
-msgid "Outer Authentication"
+#: lib/EAPBase_UI/include/EAP_UI.h:582
 #, c-format
 msgid "Error writing credentials to Credential Manager: %hs (error %u)"
 msgstr ""
-#: lib/TTLS_UI/src/TTLS_UI.cpp:105
+#: lib/TTLS_UI/src/Module.cpp:233 lib/TTLS_UI/src/Module.cpp:243
 #: lib/EAPBase_UI/include/EAP_UI.h:584
 msgid "Writing credentials failed."
 msgstr ""
 #: lib/TTLS_UI/src/TTLS_UI.cpp:108 lib/TTLS_UI/src/TTLS_UI.cpp:215
 msgid "Inner Authentication"
 msgstr ""
-#: lib/TTLS_UI/src/TTLS_UI.cpp:111
+#: lib/TTLS_UI/src/TTLS_UI.cpp:114
 msgid "Select inner authentication method from the list"
 msgstr ""
-#: lib/TTLS_UI/src/TTLS_UI.cpp:112
+#: lib/TTLS_UI/src/TTLS_UI.cpp:116
 msgid "PAP"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:217
+#: lib/TTLS_UI/src/TTLS_UI.cpp:121 lib/TTLS_UI/src/TTLS_UI.cpp:236
 msgid "Outer Authentication"
 msgstr ""
 #: lib/EAPBase_UI/include/EAP_UI.h:253
 msgid "EAP Credentials"
 msgstr ""
 #: lib/EAPBase_UI/include/EAP_UI.h:422
 msgid "Provider Settings"
 msgstr ""
 #: lib/EAPBase_UI/include/EAP_UI.h:502 lib/EAPBase_UI/include/EAP_UI.h:529
 msgid "<blank>"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:223
+#: lib/EAPBase_UI/include/EAP_UI.h:508
 #, c-format
 msgid "<error %u>"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:246
+#: lib/EAPBase_UI/include/EAP_UI.h:568
 #, c-format
 msgid "Error reading credentials from Credential Manager: %hs (error %u)"
 msgstr ""
 #: lib/EAPBase_UI/include/EAP_UI.h:570
 msgid "Reading credentials failed."
 msgstr ""
 #: lib/EAPBase_UI/include/EAP_UI.h:595
 #, c-format
 msgid "Deleting credentials failed (error %u)."
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:300
+#: lib/EAPBase_UI/include/EAP_UI.h:817
-#, c-format
+msgid "<Your Organization>"
 msgid "Error reading credentials from Credential Manager: %ls (error %u)"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:303
+#: lib/EAPBase_UI/res/wxEAP_UI.h:60
 #, c-format
 msgid "Reading credentials failed (error %u)."
 msgstr ""
 #: lib/EAPBase_UI/include/EAP_UI.h:318
 #, c-format
 msgid "Error writing credentials to Credential Manager: %ls (error %u)"
 msgstr ""
 #: lib/EAPBase_UI/include/EAP_UI.h:321
 #, c-format
 msgid "Writing credentials failed (error %u)."
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.h:56
 msgid "EAP Method Configuration"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.h:81
 msgid "EAP Credentials"
 msgstr ""
 #: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:3
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:3
 #: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:3
 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:3
 #, fuzzy
 msgid "1252"
 msgstr "1250"
 #: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:4
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
 #: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:4
 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
 msgid "EAP Peer Methods"
 msgstr ""
 #: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:4
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
-#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:4
+#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
 msgid "EAP Methods"
 msgstr ""
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
 msgid "Modules to support individual EAP methods"
 msgstr ""
 #: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5
 msgid "TTLS"
 msgstr ""
 #: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5
 msgid "Tunneled Transport Layer Security"
 msgstr ""
--- a/EventMonitor/App.cpp
+++ b/EventMonitor/App.cpp
@@ -66,12 +66,12 @@ bool wxEventMonitorApp::OnInit()
 #ifdef __WXMSW__
    // Find EventMonitor window if already running.
-    HWND okno = ::FindWindow(_T("wxWindowNR"), _("Event Monitor"));
+    HWND hWnd = ::FindWindow(_T("wxWindowNR"), _("Event Monitor"));
-    if (okno) {
+    if (hWnd) {
-        if (::IsIconic(okno))
+        if (::IsIconic(hWnd))
-            ::SendMessage(okno, WM_SYSCOMMAND, SC_RESTORE, 0);
+            ::SendMessage(hWnd, WM_SYSCOMMAND, SC_RESTORE, 0);
-        ::SetActiveWindow(okno);
+        ::SetActiveWindow(hWnd);
-        ::SetForegroundWindow(okno);
+        ::SetForegroundWindow(hWnd);
        // Not an error condition actually; Just nothing else to do...
        return false;
--- a/BIN
+++ b/BIN
--- a/include/Common.props
+++ b/include/Common.props
@@ -32,7 +32,7 @@
  <ItemDefinitionGroup>
    <ClCompile>
      <WarningLevel>Level4</WarningLevel>
-      <PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;EAP_TLS=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <PrecompiledHeader>Use</PrecompiledHeader>
      <PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile>
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
--- a/include/Version.h
+++ b/include/Version.h
@@ -29,7 +29,7 @@
 // Product version as a single DWORD
 // Note: Used for version comparison within C/C++ code.
 //
-#define PRODUCT_VERSION          0x00ff0a00
+#define PRODUCT_VERSION          0x00ff0c00
 //
 // Product version by components
@@ -39,26 +39,26 @@
 //
 #define PRODUCT_VERSION_MAJ      0
 #define PRODUCT_VERSION_MIN      255
-#define PRODUCT_VERSION_REV      10
+#define PRODUCT_VERSION_REV      12
 #define PRODUCT_VERSION_BUILD    0
 //
 // Human readable product version and build year for UI
 //
-#define PRODUCT_VERSION_STR      "1.0-alpha10"
+#define PRODUCT_VERSION_STR      "1.0-alpha12"
 #define PRODUCT_BUILD_YEAR_STR   "2016"
 //
 // Numerical version presentation for ProductVersion propery in
 // MSI packages (syntax: N.N[.N[.N]])
 //
-#define PRODUCT_VERSION_INST     "0.255.10"
+#define PRODUCT_VERSION_INST     "0.255.12"
 //
 // The product code for ProductCode property in MSI packages
 // Replace with new on every version change, regardless how minor it is.
 //
-#define PRODUCT_VERSION_GUID     "{2A743CF3-8AAE-416B-B779-2EC1F509121D}"
+#define PRODUCT_VERSION_GUID     "{6F5B0B97-B6BB-4D3E-9FEC-41E6CDC3868F}"
 //
 // Since the product name is not finally confirmed at the time of
--- a/lib/EAPBase/include/Config.h
+++ b/lib/EAPBase/include/Config.h
@@ -40,14 +40,14 @@ namespace eap
    class config_method_with_cred;
    ///
-    /// Base class for single provider configuration storage
+    /// Provider configuration storage
    ///
    class config_provider;
    ///
-    /// Base class for the list of providers configuration storage
+    /// Connection configuration storage
    ///
-    class config_provider_list;
+    class config_connection;
 }
 ///
@@ -454,7 +454,7 @@ namespace eap
    };
-    class config_provider_list : public config
+    class config_connection : public config
    {
    public:
        ///
@@ -462,21 +462,21 @@ namespace eap
        ///
        /// \param[in] mod  EAP module to use for global services
        ///
-        config_provider_list(_In_ module &mod);
+        config_connection(_In_ module &mod);
        ///
        /// Copies configuration
        ///
        /// \param[in] other  Configuration to copy from
        ///
-        config_provider_list(_In_ const config_provider_list &other);
+        config_connection(_In_ const config_connection &other);
        ///
        /// Moves configuration
        ///
        /// \param[in] other  Configuration to move from
        ///
-        config_provider_list(_Inout_ config_provider_list &&other);
+        config_connection(_Inout_ config_connection &&other);
        ///
        /// Copies configuration
@@ -485,7 +485,7 @@ namespace eap
        ///
        /// \returns Reference to this object
        ///
-        config_provider_list& operator=(_In_ const config_provider_list &other);
+        config_connection& operator=(_In_ const config_connection &other);
        ///
        /// Moves configuration
@@ -494,7 +494,7 @@ namespace eap
        ///
        /// \returns Reference to this object
        ///
-        config_provider_list& operator=(_Inout_ config_provider_list &&other);
+        config_connection& operator=(_Inout_ config_connection &&other);
        ///
        /// Clones configuration
--- a/lib/EAPBase/include/Credentials.h
+++ b/lib/EAPBase/include/Credentials.h
@@ -120,6 +120,52 @@ namespace eap
        ///
        virtual bool empty() const;
        /// \name XML configuration management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        /// \name Storage
        /// @{
@@ -164,12 +210,15 @@ namespace eap
        ///
        /// Returns credential identity.
        ///
-        virtual std::wstring get_identity() const = 0;
+        virtual std::wstring get_identity() const;
        ///
        /// Returns credential name (for GUI display).
        ///
        virtual winstd::tstring get_name() const;
    public:
        std::wstring m_identity;    ///< Identity (username\@domain, certificate name etc.)
    };
@@ -294,13 +343,7 @@ namespace eap
        /// @}
        ///
        /// Returns credential identity.
        ///
        virtual std::wstring get_identity() const;
    public:
        std::wstring               m_identity;  ///< Identity (username\@domain, certificate name etc.)
        winstd::sanitizing_wstring m_password;  ///< Password
    private:
--- a/lib/EAPBase/include/EAP.h
+++ b/lib/EAPBase/include/EAP.h
@@ -391,6 +391,31 @@ template<size_t N> inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &
 ///
 template<size_t N> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val);
 ///
 /// Packs a GUID
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[in]    val     Variable with data to pack
 ///
 inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val);
 ///
 /// Returns packed size of a GUID
 ///
 /// \param[in] val  Data to pack
 ///
 /// \returns Size of data when packed (in bytes)
 ///
 inline size_t pksizeof(_In_ const GUID &val);
 ///
 /// Unpacks a GUID
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[out]   val     Variable to receive unpacked value
 ///
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val);
 #ifndef htonll
 ///
 /// Convert host converts an unsigned __int64 from host to TCP/IP network byte order.
@@ -975,6 +1000,31 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blo
 }
 inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val)
 {
    eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
    assert(ptr_end <= cursor.ptr_end);
    memcpy(cursor.ptr, &val, sizeof(GUID));
    cursor.ptr = ptr_end;
 }
 inline size_t pksizeof(_In_ const GUID &val)
 {
    UNREFERENCED_PARAMETER(val);
    return sizeof(GUID);
 }
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val)
 {
    eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
    assert(ptr_end <= cursor.ptr_end);
    memcpy(&val, cursor.ptr, sizeof(GUID));
    cursor.ptr = ptr_end;
 }
 #ifndef htonll
 inline unsigned __int64 htonll(unsigned __int64 val)
--- a/lib/EAPBase/include/Method.h
+++ b/lib/EAPBase/include/Method.h
@@ -51,10 +51,10 @@ namespace eap
        /// Constructs an EAP method
        ///
        /// \param[in] mod   EAP module to use for global services
-        /// \param[in] cfg   Providers configuration
+        /// \param[in] cfg   Connection configuration
        /// \param[in] cred  User credentials
        ///
-        method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred);
+        method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred);
        ///
@@ -130,8 +130,8 @@ namespace eap
        method& operator=(_In_ const method &other);
    public:
-        module &m_module;               ///< EAP module
+        module &m_module;           ///< EAP module
-        config_provider_list &m_cfg;    ///< Providers configuration
+        config_connection &m_cfg;   ///< Connection configuration
-        credentials &m_cred;            ///< User credentials
+        credentials &m_cred;        ///< User credentials
    };
 }
--- a/lib/EAPBase/src/Config.cpp
+++ b/lib/EAPBase/src/Config.cpp
@@ -609,40 +609,40 @@ void eap::config_provider::operator>>(_Inout_ cursor_in &cursor)
 //////////////////////////////////////////////////////////////////////
-// eap::config_provider_list
+// eap::config_connection
 //////////////////////////////////////////////////////////////////////
-eap::config_provider_list::config_provider_list(_In_ module &mod) : config(mod)
+eap::config_connection::config_connection(_In_ module &mod) : config(mod)
 {
 }
-eap::config_provider_list::config_provider_list(_In_ const config_provider_list &other) :
+eap::config_connection::config_connection(_In_ const config_connection &other) :
    m_providers(other.m_providers),
    config(other)
 {
 }
-eap::config_provider_list::config_provider_list(_Inout_ config_provider_list &&other) :
+eap::config_connection::config_connection(_Inout_ config_connection &&other) :
    m_providers(std::move(other.m_providers)),
    config(std::move(other))
 {
 }
-eap::config_provider_list& eap::config_provider_list::operator=(_In_ const config_provider_list &other)
+eap::config_connection& eap::config_connection::operator=(_In_ const config_connection &other)
 {
    if (this != &other) {
        (config&)*this = other;
-        m_providers = other.m_providers;
+        m_providers    = other.m_providers;
    }
    return *this;
 }
-eap::config_provider_list& eap::config_provider_list::operator=(_Inout_ config_provider_list &&other)
+eap::config_connection& eap::config_connection::operator=(_Inout_ config_connection &&other)
 {
    if (this != &other) {
        (config&&)*this = std::move(other);
@@ -653,13 +653,13 @@ eap::config_provider_list& eap::config_provider_list::operator=(_Inout_ config_p
 }
-eap::config* eap::config_provider_list::clone() const
+eap::config* eap::config_connection::clone() const
 {
-    return new config_provider_list(*this);
+    return new config_connection(*this);
 }
-void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
+void eap::config_connection::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
 {
    config::save(pDoc, pConfigRoot);
@@ -686,7 +686,7 @@ void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod
 }
-void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot)
+void eap::config_connection::load(_In_ IXMLDOMNode *pConfigRoot)
 {
    assert(pConfigRoot);
    HRESULT hr;
@@ -714,14 +714,14 @@ void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot)
 }
-void eap::config_provider_list::operator<<(_Inout_ cursor_out &cursor) const
+void eap::config_connection::operator<<(_Inout_ cursor_out &cursor) const
 {
    config::operator<<(cursor);
    cursor << m_providers;
 }
-size_t eap::config_provider_list::get_pk_size() const
+size_t eap::config_connection::get_pk_size() const
 {
    return
        config::get_pk_size() +
@@ -729,7 +729,7 @@ size_t eap::config_provider_list::get_pk_size() const
 }
-void eap::config_provider_list::operator>>(_Inout_ cursor_in &cursor)
+void eap::config_connection::operator>>(_Inout_ cursor_in &cursor)
 {
    config::operator>>(cursor);
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@@ -36,12 +36,14 @@ eap::credentials::credentials(_In_ module &mod) : config(mod)
 eap::credentials::credentials(_In_ const credentials &other) :
    m_identity(other.m_identity),
    config(other)
 {
 }
 eap::credentials::credentials(_Inout_ credentials &&other) :
    m_identity(std::move(other.m_identity)),
    config(std::move(other))
 {
 }
@@ -49,8 +51,10 @@ eap::credentials::credentials(_Inout_ credentials &&other) :
 eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
 {
-    if (this != &other)
+    if (this != &other) {
        (config&)*this = other;
        m_identity     = other.m_identity;
    }
    return *this;
 }
@@ -58,8 +62,10 @@ eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
 eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
 {
-    if (this != &other)
+    if (this != &other) {
        (config&)*this = std::move(other);
        m_identity     = std::move(other.m_identity);
    }
    return *this;
 }
@@ -67,13 +73,73 @@ eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
 void eap::credentials::clear()
 {
    m_identity.clear();
 }
 bool eap::credentials::empty() const
 {
-    // Base class always report empty credentials.
+    return m_identity.empty();
-    return true;
+}
 void eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
 {
    assert(pDoc);
    assert(pConfigRoot);
    config::save(pDoc, pConfigRoot);
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <UserName>
    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
 }
 void eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot)
 {
    assert(pConfigRoot);
    HRESULT hr;
    config::load(pConfigRoot);
    std::wstring xpath(eapxml::get_xpath(pConfigRoot));
    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
        throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
    m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
 }
 void eap::credentials::operator<<(_Inout_ cursor_out &cursor) const
 {
    config::operator<<(cursor);
    cursor << m_identity;
 }
 size_t eap::credentials::get_pk_size() const
 {
    return
        config::get_pk_size() +
        pksizeof(m_identity);
 }
 void eap::credentials::operator>>(_Inout_ cursor_in &cursor)
 {
    config::operator>>(cursor);
    cursor >> m_identity;
 }
 wstring eap::credentials::get_identity() const
 {
    return m_identity;
 }
@@ -93,7 +159,6 @@ eap::credentials_pass::credentials_pass(_In_ module &mod) : credentials(mod)
 eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
    m_identity(other.m_identity),
    m_password(other.m_password),
    credentials(other)
 {
@@ -101,7 +166,6 @@ eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
 eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) :
    m_identity(std::move(other.m_identity)),
    m_password(std::move(other.m_password)),
    credentials(std::move(other))
 {
@@ -112,7 +176,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_In_ const credentials_p
 {
    if (this != &other) {
        (credentials&)*this = other;
        m_identity          = other.m_identity;
        m_password          = other.m_password;
    }
@@ -124,7 +187,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
 {
    if (this != &other) {
        (credentials&)*this = std::move(other);
        m_identity          = std::move(other.m_identity);
        m_password          = std::move(other.m_password);
    }
@@ -135,14 +197,13 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
 void eap::credentials_pass::clear()
 {
    credentials::clear();
    m_identity.clear();
    m_password.clear();
 }
 bool eap::credentials_pass::empty() const
 {
-    return credentials::empty() && m_identity.empty() && m_password.empty();
+    return credentials::empty() && m_password.empty();
 }
@@ -156,10 +217,6 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <UserName>
    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
    // <Password>
    bstr pass(m_password);
    hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
@@ -178,11 +235,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
    std::wstring xpath(eapxml::get_xpath(pConfigRoot));
    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
        throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
    m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
    bstr pass;
    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)))
        throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element.");
@@ -202,7 +254,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
 void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const
 {
    credentials::operator<<(cursor);
    cursor << m_identity;
    cursor << m_password;
 }
@@ -211,7 +262,6 @@ size_t eap::credentials_pass::get_pk_size() const
 {
    return
        credentials::get_pk_size() +
        pksizeof(m_identity) +
        pksizeof(m_password);
 }
@@ -219,7 +269,6 @@ size_t eap::credentials_pass::get_pk_size() const
 void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor)
 {
    credentials::operator>>(cursor);
    cursor >> m_identity;
    cursor >> m_password;
 }
@@ -289,7 +338,7 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
        m_identity.clear();
    wstring xpath(pszTargetName);
-    m_module.log_config((xpath + L"/Username").c_str(), m_identity.c_str());
+    m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
    m_module.log_config((xpath + L"/Password").c_str(),
 #ifdef _DEBUG
        m_password.c_str()
@@ -300,12 +349,6 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
 }
 std::wstring eap::credentials_pass::get_identity() const
 {
    return m_identity;
 }
 const unsigned char eap::credentials_pass::s_entropy[1024] = {
    0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
    0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,
--- a/lib/EAPBase/src/Method.cpp
+++ b/lib/EAPBase/src/Method.cpp
@@ -28,7 +28,7 @@ using namespace winstd;
 // eap::method
 //////////////////////////////////////////////////////////////////////
-eap::method::method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred) :
+eap::method::method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred) :
    m_module(module),
    m_cfg(cfg),
    m_cred(cred)
--- a/lib/EAPBase/src/Module.cpp
+++ b/lib/EAPBase/src/Module.cpp
@@ -91,26 +91,26 @@ EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
    MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what);
    {
-        win_runtime_error &e(dynamic_cast<win_runtime_error&>(err));
+        win_runtime_error *e = dynamic_cast<win_runtime_error*>(&err);
-        if (&e)
+        if (e)
-            return make_error(e.number(), what.c_str());
+            return make_error(e->number(), what.c_str());
    }
    {
-        com_runtime_error &e(dynamic_cast<com_runtime_error&>(err));
+        com_runtime_error *e = dynamic_cast<com_runtime_error*>(&err);
-        if (&e)
+        if (e)
-            return make_error(HRESULT_CODE(e.number()), what.c_str());
+            return make_error(HRESULT_CODE(e->number()), what.c_str());
    }
    {
-        sec_runtime_error &e(dynamic_cast<sec_runtime_error&>(err));
+        sec_runtime_error *e = dynamic_cast<sec_runtime_error*>(&err);
-        if (&e)
+        if (e)
-            return make_error(HRESULT_CODE(e.number()), what.c_str());
+            return make_error(SCODE_CODE(e->number()), what.c_str());
    }
    {
-        invalid_argument &e(dynamic_cast<invalid_argument&>(err));
+        invalid_argument *e = dynamic_cast<invalid_argument*>(&err);
-        if (&e)
+        if (e)
            return make_error(ERROR_INVALID_PARAMETER, what.c_str());
    }
--- a/lib/EAPBase_UI/include/EAP_UI.h
+++ b/lib/EAPBase_UI/include/EAP_UI.h
@@ -100,6 +100,14 @@ inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE h
 ///
 inline wxString wxEAPGetProviderName(const std::wstring &id);
 namespace eap
 {
    ///
    /// Base class to prevent multiple instances of the same dialog
    ///
    class monitor_ui;
 }
 #pragma once
 #include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision
@@ -142,10 +150,10 @@ public:
    ///
    /// Constructs a configuration dialog
    ///
-    /// \param[inout] cfg     Providers configuration data
+    /// \param[inout] cfg     Connection configuration
    /// \param[in]    parent  Parent window
    ///
-    wxEAPConfigDialog(eap::config_provider_list &cfg, wxWindow* parent) :
+    wxEAPConfigDialog(eap::config_connection &cfg, wxWindow* parent) :
        m_cfg(cfg),
        wxEAPConfigDialogBase(parent)
    {
@@ -207,7 +215,7 @@ protected:
 protected:
-    eap::config_provider_list &m_cfg;  ///< EAP providers configuration
+    eap::config_connection &m_cfg;  ///< Connection configuration
 };
@@ -217,7 +225,7 @@ public:
    ///
    /// Constructs a dialog
    ///
-    wxEAPGeneralDialog(wxWindow* parent, const wxString& title = wxEmptyString);
+    wxEAPGeneralDialog(wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = wxEmptyString, const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
    ///
    /// Adds panels to the dialog
@@ -242,7 +250,7 @@ public:
    ///
    /// Constructs a credential dialog
    ///
-    wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent);
+    wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("EAP Credentials"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
 };
@@ -411,7 +419,7 @@ public:
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    ///
-    wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent);
+    wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("Provider Settings"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
 protected:
    eap::config_provider &m_prov;           ///< EAP method configuration
@@ -808,3 +816,55 @@ inline wxString wxEAPGetProviderName(const std::wstring &id)
    return
        !id.empty() ? id : _("<Your Organization>");
 }
 namespace eap
 {
    class monitor_ui
    {
    public:
        monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid);
        virtual ~monitor_ui();
        void set_popup(_In_ HWND hwnd);
        void release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const;
        inline bool is_master() const
        {
            return m_is_master;
        }
        inline bool is_slave() const
        {
            return !is_master();
        }
        inline const std::vector<unsigned char>& master_data() const
        {
            return m_data;
        }
    protected:
        virtual LRESULT winproc(
            _In_ UINT   msg,
            _In_ WPARAM wparam,
            _In_ LPARAM lparam);
        static LRESULT CALLBACK winproc(
            _In_ HWND   hwnd,
            _In_ UINT   msg,
            _In_ WPARAM wparam,
            _In_ LPARAM lparam);
    protected:
        bool m_is_master;                   ///< Is this monitor master?
        HWND m_hwnd;                        ///< Message window handle
        std::list<HWND> m_slaves;           ///< List of slaves to notify on finish
        HWND m_hwnd_popup;                  ///< Pop-up window handle
        std::vector<unsigned char> m_data;  ///< Data master sent
        // Custom window messages
        static const UINT s_msg_attach;     ///< Slave sends this message to attach to master
        static const UINT s_msg_finish;     ///< Master sends this message to slaves to notify them it has finished (wparam has size, lparam has data)
    };
 }
--- a/lib/EAPBase_UI/res/wxEAP_UI.cpp
+++ b/lib/EAPBase_UI/res/wxEAP_UI.cpp
@@ -412,7 +412,7 @@ wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent
 	sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
 	m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
-	m_provider_web->SetToolTip( _("Your helpdesk website") );
+	m_provider_web->SetToolTip( _("Your helpdesk website address") );
 	sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
--- a/lib/EAPBase_UI/res/wxEAP_UI.fbp
+++ b/lib/EAPBase_UI/res/wxEAP_UI.fbp
@@ -3370,7 +3370,7 @@
                                                        <property name="style"></property>
                                                        <property name="subclass"></property>
                                                        <property name="toolbar_pane">0</property>
-                                                        <property name="tooltip">Your helpdesk website</property>
+                                                        <property name="tooltip">Your helpdesk website address</property>
                                                        <property name="validator_data_type"></property>
                                                        <property name="validator_style">wxFILTER_NONE</property>
                                                        <property name="validator_type">wxDefaultValidator</property>
--- a/lib/EAPBase_UI/src/EAP_UI.cpp
+++ b/lib/EAPBase_UI/src/EAP_UI.cpp
@@ -41,7 +41,8 @@ bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
 // wxEAPGeneralDialog
 //////////////////////////////////////////////////////////////////////
-wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow* parent, const wxString& title) : wxEAPGeneralDialogBase(parent, wxID_ANY, title)
+wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
    wxEAPGeneralDialogBase(parent, id, title, pos, size, style)
 {
    // Set extra style here, as wxFormBuilder overrides all default flags.
    this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
@@ -80,7 +81,8 @@ void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
 // wxEAPCredentialsDialog
 //////////////////////////////////////////////////////////////////////
-wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPGeneralDialog(parent, _("EAP Credentials"))
+wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
    wxEAPGeneralDialog(parent, id, title, pos, size, style)
 {
    // Set banner title.
    m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
@@ -328,12 +330,12 @@ bool wxEAPProviderLockPanel::TransferDataFromWindow()
 // wxEAPConfigProvider
 //////////////////////////////////////////////////////////////////////
-wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent) :
+wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
    m_prov(prov),
-    wxEAPGeneralDialog(parent, _("Provider Settings"))
+    wxEAPGeneralDialog(parent, id, title, pos, size, style)
 {
    // Set banner title.
-    m_banner->m_title->SetLabel(_("Provider Settings"));
+    m_banner->m_title->SetLabel(title);
    m_identity = new wxEAPProviderIdentityPanel(prov, this);
    AddContent(m_identity);
@@ -343,3 +345,196 @@ wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* p
    m_identity->m_provider_name->SetFocusFromKbd();
 }
 using namespace std;
 using namespace winstd;
 //////////////////////////////////////////////////////////////////////
 // eap::monitor_ui
 //////////////////////////////////////////////////////////////////////
 eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
    m_hwnd_popup(NULL)
 {
    // Verify if the monitor is already running.
    const WNDCLASSEX wnd_class_desc = {
        sizeof(WNDCLASSEX), // cbSize
        0,                  // style
        winproc,            // lpfnWndProc
        0,                  // cbClsExtra
        0,                  // cbWndExtra
        module,             // hInstance
        NULL,               // hIcon
        NULL,               // hCursor
        NULL,               // hbrBackground
        NULL,               // lpszMenuName
        _T(__FUNCTION__),   // lpszClassName
        NULL                // hIconSm
    };
    ATOM wnd_class = RegisterClassEx(&wnd_class_desc);
    if (!wnd_class)
        throw win_runtime_error(__FUNCTION__ " Error registering master monitor window class.");
    tstring_guid guid_str(guid);
    HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, (LPCTSTR)wnd_class, guid_str.c_str());
    if (hwnd_master) {
        // Another monitor is already running.
        m_is_master = false;
        // Register slave windows class slightly different, not to include slaves in FindWindowEx().
        const WNDCLASSEX wnd_class_desc = {
            sizeof(WNDCLASSEX),             // cbSize
            0,                              // style
            winproc,                        // lpfnWndProc
            0,                              // cbClsExtra
            0,                              // cbWndExtra
            module,                         // hInstance
            NULL,                           // hIcon
            NULL,                           // hCursor
            NULL,                           // hbrBackground
            NULL,                           // lpszMenuName
            _T(__FUNCTION__) _T("-Slave"),  // lpszClassName
            NULL                            // hIconSm
        };
        wnd_class = RegisterClassEx(&wnd_class_desc);
        if (!wnd_class)
            throw win_runtime_error(__FUNCTION__ " Error registering slave monitor window class.");
    } else {
        // This is a fresh monitor.
        m_is_master = true;
    }
    m_hwnd = CreateWindowEx(
        0,                  // dwExStyle
        (LPCTSTR)wnd_class, // lpClassName
        guid_str.c_str(),   // lpWindowName
        0,                  // dwStyle
        0,                  // x
        0,                  // y
        0,                  // nWidth
        0,                  // nHeight
        HWND_MESSAGE,       // hWndParent
        NULL,               // hMenu
        module,             // hInstance
        this);              // lpParam
    if (!m_is_master) {
        // Notify master we are waiting him.
        SendMessage(hwnd_master, s_msg_attach, 0, (LPARAM)m_hwnd);
        // Slaves must pump message queue until finished.
        MSG msg;
        while (GetMessage(&msg, NULL, 0, 0) > 0) {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }
 }
 eap::monitor_ui::~monitor_ui()
 {
    if (m_hwnd)
        DestroyWindow(m_hwnd);
 }
 void eap::monitor_ui::set_popup(_In_ HWND hwnd)
 {
    m_hwnd_popup = hwnd;
 }
 void eap::monitor_ui::release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const
 {
    assert(!size || data);
    for (list<HWND>::const_iterator slave = m_slaves.begin(), slave_end = m_slaves.end(); slave != slave_end; ++slave) {
        // Get slave's PID.
        DWORD pid_slave;
        GetWindowThreadProcessId(*slave, &pid_slave);
        // Get slave's process handle.
        process proc_slave;
        if (!proc_slave.open(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, 0, pid_slave))
            continue;
        // Allocate memory in slave's virtual memory space and save data to it.
        vmemory mem_slave;
        if (!mem_slave.alloc(proc_slave, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE))
            continue;
        if (!WriteProcessMemory(proc_slave, mem_slave, data, size, NULL))
            continue;
        // Notify slave. Use SendMessage(), not PostMessage(), as memory will get cleaned up.
        SendMessage(*slave, s_msg_finish, (WPARAM)size, (LPARAM)(LPVOID)mem_slave);
    }
 }
 LRESULT eap::monitor_ui::winproc(
    _In_ UINT   msg,
    _In_ WPARAM wparam,
    _In_ LPARAM lparam)
 {
    UNREFERENCED_PARAMETER(wparam);
    if (msg == s_msg_attach) {
        // Attach a new slave.
        assert(m_is_master);
        m_slaves.push_back((HWND)lparam);
        if (m_hwnd_popup) {
            // Bring pop-up window up.
            if (::IsIconic(m_hwnd_popup))
                ::SendMessage(m_hwnd_popup, WM_SYSCOMMAND, SC_RESTORE, 0);
            ::SetActiveWindow(m_hwnd_popup);
            ::SetForegroundWindow(m_hwnd_popup);
        }
        return TRUE;
    } else if (msg == s_msg_finish) {
        // Master finished.
        assert(!m_is_master);
        m_data.assign((const unsigned char*)lparam, (const unsigned char*)lparam + wparam);
        // Finish slave too.
        DestroyWindow(m_hwnd);
        return TRUE;
    } else if (msg == WM_DESTROY) {
        // Stop the message pump.
        PostQuitMessage(0);
        return 0;
    }
    return DefWindowProc(m_hwnd, msg, wparam, lparam);
 }
 LRESULT CALLBACK eap::monitor_ui::winproc(
    _In_ HWND   hwnd,
    _In_ UINT   msg,
    _In_ WPARAM wparam,
    _In_ LPARAM lparam)
 {
    if (msg == WM_CREATE) {
        // Set window's user data to "this" pointer.
        const CREATESTRUCT *cs = (CREATESTRUCT*)lparam;
        SetWindowLongPtr(hwnd, GWLP_USERDATA, (LONG_PTR)cs->lpCreateParams);
        // Forward to our handler.
        return ((eap::monitor_ui*)cs->lpCreateParams)->winproc(msg, wparam, lparam);
    } else {
        // Get "this" pointer from window's user data.
        eap::monitor_ui *_this = (eap::monitor_ui*)GetWindowLongPtr(hwnd, GWLP_USERDATA);
        if (_this) {
            // Forward to our handler.
            return _this->winproc(msg, wparam, lparam);
        } else
            return DefWindowProc(hwnd, msg, wparam, lparam);
    }
 }
 const UINT eap::monitor_ui::s_msg_attach  = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Attach"));
 const UINT eap::monitor_ui::s_msg_finish  = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Finish"));
--- a/lib/Events/res/EventsETW.man
+++ b/lib/Events/res/EventsETW.man
--- a/lib/TLS/include/Config.h
+++ b/lib/TLS/include/Config.h
@@ -25,6 +25,10 @@
 #include <sal.h>
 #define EAP_TLS_OWN             0   ///< We do the TLS ourself
 #define EAP_TLS_SCHANNEL        1   ///< TLS is done by Schannel, but server certificate check is done ourself
 #define EAP_TLS_SCHANNEL_FULL   2   ///< TLS is fully done by Schannel
 namespace eap
 {
    ///
@@ -168,5 +172,11 @@ namespace eap
    public:
        std::list<winstd::cert_context> m_trusted_root_ca;  ///< Trusted root CAs
        std::list<std::wstring> m_server_names;             ///< Acceptable authenticating server names
 #if EAP_TLS < EAP_TLS_SCHANNEL
        // Following members are used for session resumptions. They are not exported/imported to XML.
        sanitizing_blob m_session_id;                       ///< TLS session ID
        tls_master_secret m_master_secret;                  ///< TLS master secret
 #endif
    };
 }
--- a/lib/TLS/include/Credentials.h
+++ b/lib/TLS/include/Credentials.h
@@ -180,11 +180,6 @@ namespace eap
        ///
        virtual std::wstring get_identity() const;
        ///
        /// Returns credential name (for GUI display).
        ///
        virtual winstd::tstring get_name() const;
        ///
        /// Combine credentials in the following order:
        ///
--- a/lib/TLS/include/Method.h
+++ b/lib/TLS/include/Method.h
@@ -128,15 +128,28 @@ namespace eap
            std::vector<unsigned char> m_data;          ///< Packet data
        };
 #pragma pack(push)
 #pragma pack(1)
        ///
        /// TLS message
        ///
        struct message_header
        {
            tls_message_type_t type;    ///< Message type (one of `message_type_t` constants)
            tls_version version;        ///< SSL/TLS version
            unsigned char length[2];    ///< Message length (in network byte order)
        };
 #pragma pack(pop)
    public:
        ///
        /// Constructs an EAP method
        ///
        /// \param[in] mod   EAP module to use for global services
-        /// \param[in] cfg   Providers configuration
+        /// \param[in] cfg   Connection configuration
        /// \param[in] cred  User credentials
        ///
-        method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred);
+        method_tls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_tls &cred);
        ///
        /// Moves an EAP method
@@ -204,6 +217,152 @@ namespace eap
        /// @}
    protected:
 #if EAP_TLS < EAP_TLS_SCHANNEL
        /// \name Client handshake message generation
        /// @{
        ///
        /// Makes a TLS client hello message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.1.2. Client Hello)](https://tools.ietf.org/html/rfc5246#section-7.4.1.2)
        ///
        /// \returns Client hello message
        ///
        sanitizing_blob make_client_hello();
        ///
        /// Makes a TLS client certificate message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.6. Client Certificate)](https://tools.ietf.org/html/rfc5246#section-7.4.6)
        ///
        /// \returns Client certificate message
        ///
        sanitizing_blob make_client_cert() const;
        ///
        /// Makes a TLS client key exchange message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7. Client Key Exchange Message )](https://tools.ietf.org/html/rfc5246#section-7.4.7)
        ///
        /// \param[in] pms  Pre-master secret
        ///
        /// \returns Client key exchange message
        ///
        sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const;
        ///
        /// Makes a TLS finished message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
        ///
        /// \returns Change cipher spec
        ///
        eap::sanitizing_blob make_finished() const;
        /// @}
        /// \name Client/Server handshake hashing
        /// @{
        ///
        /// Hashes handshake message for "finished" message validation.
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
        ///
        /// \param[in] data  Data to hash
        /// \param[in] size  \p data size in bytes
        ///
        inline void hash_handshake(_In_count_(size) const void *data, _In_ size_t size)
        {
            CryptHashData(m_hash_handshake_msgs_md5   , (const BYTE*)data, (DWORD)size, 0);
            CryptHashData(m_hash_handshake_msgs_sha1  , (const BYTE*)data, (DWORD)size, 0);
            CryptHashData(m_hash_handshake_msgs_sha256, (const BYTE*)data, (DWORD)size, 0);
        }
        ///
        /// Hashes handshake message for "finished" message validation.
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
        ///
        /// \param[in] data  Data to hash
        /// \param[in] size  \p data size in bytes
        ///
        template<class _Ty, class _Ax>
        inline void hash_handshake(_In_ const std::vector<_Ty, _Ax> &data)
        {
            hash_handshake(data.data(), data.size() * sizeof(_Ty));
        }
        /// @}
        ///
        /// Makes a TLS message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
        ///
        /// \param[in]    type  Message type
        /// \param[inout] data  Message data contents
        ///
        /// \returns TLS message message
        ///
        eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &&data);
        /// @}
        /// \name Key derivation
        /// @{
        ///
        /// Generates master session key
        ///
        /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
        ///
        virtual void derive_msk();
        /// @}
        /// \name Server message processing
        /// @{
        ///
        /// Processes messages in a TLS packet
        ///
        /// \param[in] pck       Packet data
        /// \param[in] size_pck  \p pck size in bytes
        ///
        void process_packet(_In_bytecount_(size_pck) const void *pck, _In_ size_t size_pck);
        ///
        /// Processes a TLS change_cipher_spec message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.1. Change Cipher Spec Protocol)](https://tools.ietf.org/html/rfc5246#section-7.1)
        ///
        /// \param[in] msg       TLS change_cipher_spec message data
        /// \param[in] msg_size  TLS change_cipher_spec message data size
        ///
        virtual void process_change_cipher_spec(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
        ///
        /// Processes a TLS alert message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
        ///
        /// \param[in] msg       TLS alert message data
        /// \param[in] msg_size  TLS alert message data size
        ///
        virtual void process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
        ///
        /// Processes a TLS handshake message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4. Handshake Protocol)](https://tools.ietf.org/html/rfc5246#section-7.4)
        ///
        /// \param[in] msg       TLS handshake message data
        /// \param[in] msg_size  TLS handshake message data size
        ///
        virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
 #else
        ///
        /// Process handshake
        ///
@@ -213,29 +372,172 @@ namespace eap
        /// Process application data
        ///
        void process_application_data();
 #endif
        ///
-        /// Processes an application message
+        /// Processes a TLS application_data message
        ///
-        /// \param[in] msg       Application message data
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 10. Application Data Protocol)](https://tools.ietf.org/html/rfc5246#section-10)
        /// \param[in] size_msg  Application message data size
        ///
-        virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
+        /// \param[in] msg       TLS application_data message data
        /// \param[in] msg_size  TLS application_data message data size
        ///
        virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
-#ifndef SCHANNEL_SRV_CERT_CHECK
+        /// @}
 #if EAP_TLS < EAP_TLS_SCHANNEL_FULL
        ///
        /// Verifies server's certificate if trusted by configuration
        ///
        void verify_server_trust() const;
 #endif
 #if EAP_TLS < EAP_TLS_SCHANNEL
        /// \name Encryption
        /// @{
        ///
        /// Encrypt TLS message
        ///
        /// \param[in]    type  Message type
        /// \param[inout] data  TLS message to encrypt
        ///
        void encrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
        ///
        /// Decrypt TLS message
        ///
        /// \param[in]    type  Original message type for HMAC verification
        /// \param[inout] data  TLS message to decrypt
        ///
        void decrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
        /// @}
        /// \name Pseudo-random generation
        /// @{
        ///
        /// Calculates pseudo-random P_hash data defined in RFC 5246
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
        ///
        /// \param[in] cp         Handle of the cryptographics provider
        /// \param[in] alg        Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
        /// \param[in] secret     Hashing secret key
        /// \param[in] seed       Random seed
        /// \param[in] size_seed  \p seed size
        /// \param[in] size       Number of bytes of pseudo-random data required
        ///
        /// \returns Generated pseudo-random data (\p size bytes)
        ///
        static sanitizing_blob prf(
            _In_                            HCRYPTPROV        cp,
            _In_                            ALG_ID            alg,
            _In_                      const tls_master_secret &secret,
            _In_bytecount_(size_seed) const void              *seed,
            _In_                            size_t            size_seed,
            _In_                            size_t            size);
        ///
        /// Calculates pseudo-random P_hash data defined in RFC 5246
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
        ///
        /// \param[in] cp      Handle of the cryptographics provider
        /// \param[in] alg     Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
        /// \param[in] secret  Hashing secret key
        /// \param[in] seed    Random seed
        /// \param[in] size    Number of bytes of pseudo-random data required
        ///
        /// \returns Generated pseudo-random data (\p size bytes)
        ///
        template<class _Ty, class _Ax>
        inline static sanitizing_blob prf(
            _In_       HCRYPTPROV            cp,
            _In_       ALG_ID                alg,
            _In_ const tls_master_secret     &secret,
            _In_ const std::vector<_Ty, _Ax> &seed,
            _In_       size_t                size)
        {
            return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size);
        }
        /// @}
        ///
        /// Creates a key
        ///
        /// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786)
        ///
        /// \param[in] cp           Handle of the cryptographics provider
        /// \param[in] alg          Key algorithm
        /// \param[in] key          Key that decrypts \p secret
        /// \param[in] secret       Key data
        /// \param[in] size_secret  \p secret size
        ///
        /// \returns Key
        ///
        HCRYPTKEY create_key(
            _In_                              HCRYPTPROV cp,
            _In_                              ALG_ID     alg,
            _In_                              HCRYPTKEY  key,
            _In_bytecount_(size_secret) const void       *secret,
            _In_                              size_t     size_secret);
 #endif
    protected:
        credentials_tls &m_cred;                                ///< EAP-TLS user credentials
        HANDLE m_user_ctx;                                      ///< Handle to user context
        packet m_packet_req;                                    ///< Request packet
        packet m_packet_res;                                    ///< Response packet
-        HANDLE m_user_ctx;                                      ///< Handle to user context
+#if EAP_TLS < EAP_TLS_SCHANNEL
        winstd::crypt_prov m_cp;                                ///< Cryptography provider for general services
        winstd::crypt_prov m_cp_enc_client;                     ///< Cryptography provider for encryption
        winstd::crypt_prov m_cp_enc_server;                     ///< Cryptography provider for encryption
        winstd::crypt_key m_key_exp1;                           ///< Key for importing derived keys
        tls_version m_tls_version;                              ///< TLS version in use
        ALG_ID m_alg_prf;                                       ///< Pseudo-random function algorithm in use
        tls_conn_state m_state_client;                          ///< Client TLS connection state
        tls_conn_state m_state_client_pending;                  ///< Client TLS connection state (pending)
        tls_conn_state m_state_server;                          ///< Server TLS connection state
        tls_conn_state m_state_server_pending;                  ///< Server TLS connection state (pending)
        tls_master_secret m_master_secret;                      ///< TLS master secret
        tls_random m_random_client;                             ///< Client random
        tls_random m_random_server;                             ///< Server random
        tls_random m_key_mppe_client;                           ///< MS-MPPE-Recv-Key
        tls_random m_key_mppe_server;                           ///< MS-MPPE-Send-Key
        sanitizing_blob m_session_id;                           ///< TLS session ID
        std::list<winstd::cert_context> m_server_cert_chain;    ///< Server certificate chain
        winstd::crypt_hash m_hash_handshake_msgs_md5;           ///< Running MD5 hash of handshake messages
        winstd::crypt_hash m_hash_handshake_msgs_sha1;          ///< Running SHA-1 hash of handshake messages
        winstd::crypt_hash m_hash_handshake_msgs_sha256;        ///< Running SHA-256 hash of handshake messages
        bool m_handshake[tls_handshake_type_max];               ///< Handshake flags (map od handshake messages received)
        enum {
            phase_unknown = -1,                                 ///< Unknown phase
            phase_client_hello = 0,                             ///< Send client hello
            phase_server_hello,                                 ///< Wait for server hello
            phase_change_cipher_spec,                           ///< Wait for change cipher spec
            phase_application_data                              ///< Exchange application data
        } m_phase;                                              ///< What phase is our communication at?
        unsigned __int64 m_seq_num_client;                      ///< Sequence number for encrypting
        unsigned __int64 m_seq_num_server;                      ///< Sequence number for decrypting
 #else
        winstd::tstring m_sc_target_name;                       ///< Schannel target name
        winstd::sec_credentials m_sc_cred;                      ///< Schannel client credentials
        std::vector<unsigned char> m_sc_queue;                  ///< TLS data queue
@@ -247,7 +549,8 @@ namespace eap
            phase_handshake_cont,                               ///< Handshake continue
            phase_application_data,                             ///< Exchange application data
            phase_shutdown,                                     ///< Connection shut down
-        } m_phase;                                              ///< What phase is our communication at?
+        } m_phase, m_phase_prev;                                ///< What phase is our communication at?
 #endif
        // The following members are required to avoid memory leakage in get_result()
        EAP_ATTRIBUTES m_eap_attr_desc;                         ///< EAP Radius attributes descriptor
--- a/lib/TLS/include/TLS.h
+++ b/lib/TLS/include/TLS.h
@@ -503,7 +503,16 @@ namespace eap
        ///
        tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
        ///
        /// Configures state according to given cipher
        ///
        /// \param[in] cipher  Cipher ID
        ///
        void set_cipher(_In_ const unsigned char cipher[2]);
    public:
        LPCTSTR m_prov_name;            ///< Cryptography provider name
        DWORD m_prov_type;              ///< Cryptography provider type
        ALG_ID m_alg_encrypt;           ///< Bulk encryption algorithm
        size_t m_size_enc_key;          ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
        size_t m_size_enc_iv;           ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
--- a/lib/TLS/src/Config.cpp
+++ b/lib/TLS/src/Config.cpp
@@ -75,6 +75,10 @@ eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with
 eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
    m_trusted_root_ca(other.m_trusted_root_ca),
    m_server_names(other.m_server_names),
 #if EAP_TLS < EAP_TLS_SCHANNEL
    m_session_id(other.m_session_id),
    m_master_secret(other.m_master_secret),
 #endif
    config_method_with_cred(other)
 {
 }
@@ -83,6 +87,10 @@ eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
 eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
    m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
    m_server_names(std::move(other.m_server_names)),
 #if EAP_TLS < EAP_TLS_SCHANNEL
    m_session_id(std::move(other.m_session_id)),
    m_master_secret(std::move(other.m_master_secret)),
 #endif
    config_method_with_cred(std::move(other))
 {
 }
@@ -94,6 +102,10 @@ eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_meth
        (config_method_with_cred&)*this = other;
        m_trusted_root_ca = other.m_trusted_root_ca;
        m_server_names    = other.m_server_names;
 #if EAP_TLS < EAP_TLS_SCHANNEL
        m_session_id      = other.m_session_id;
        m_master_secret   = other.m_master_secret;
 #endif
    }
    return *this;
@@ -106,6 +118,10 @@ eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_
        (config_method_with_cred&&)*this = std::move(other);
        m_trusted_root_ca = std::move(other.m_trusted_root_ca);
        m_server_names    = std::move(other.m_server_names);
 #if EAP_TLS < EAP_TLS_SCHANNEL
        m_session_id      = std::move(other.m_session_id);
        m_master_secret   = std::move(other.m_master_secret);
 #endif
    }
    return *this;
@@ -235,6 +251,10 @@ void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
    config_method_with_cred::operator<<(cursor);
    cursor << m_trusted_root_ca;
    cursor << m_server_names   ;
 #if EAP_TLS < EAP_TLS_SCHANNEL
    cursor << m_session_id     ;
    cursor << m_master_secret  ;
 #endif
 }
@@ -243,7 +263,14 @@ size_t eap::config_method_tls::get_pk_size() const
    return
        config_method_with_cred::get_pk_size() +
        pksizeof(m_trusted_root_ca) +
-        pksizeof(m_server_names   );
+        pksizeof(m_server_names   )
 #if EAP_TLS < EAP_TLS_SCHANNEL
        +
        pksizeof(m_session_id     ) +
        pksizeof(m_master_secret  );
 #else
        ;
 #endif
 }
@@ -252,6 +279,10 @@ void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
    config_method_with_cred::operator>>(cursor);
    cursor >> m_trusted_root_ca;
    cursor >> m_server_names   ;
 #if EAP_TLS < EAP_TLS_SCHANNEL
    cursor >> m_session_id     ;
    cursor >> m_master_secret  ;
 #endif
 }
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@@ -182,11 +182,10 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
        throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
    tstring target(target_name(pszTargetName));
    wstring name(std::move(get_name()));
    // Write credentials.
-    assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
+    assert(cred_enc.cbData     < CRED_MAX_CREDENTIAL_BLOB_SIZE);
-    assert(name.length()   < CRED_MAX_USERNAME_LENGTH     );
+    assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH     );
    CREDENTIAL cred = {
        0,                          // Flags
        CRED_TYPE_GENERIC,          // Type
@@ -199,7 +198,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
        0,                          // AttributeCount
        NULL,                       // Attributes
        NULL,                       // TargetAlias
-        (LPTSTR)name.c_str()        // UserName
+        (LPTSTR)m_identity.c_str()  // UserName
    };
    if (!CredWrite(&cred, 0))
        throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
@@ -227,7 +226,14 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
    if (!bResult)
        throw win_runtime_error(__FUNCTION__ " Error loading certificate.");
-    m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), get_name().c_str());
+    if (cred->UserName)
        m_identity = cred->UserName;
    else
        m_identity.clear();
    wstring xpath(pszTargetName);
    m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
    m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());
 }
@@ -239,7 +245,9 @@ LPCTSTR eap::credentials_tls::target_suffix() const
 std::wstring eap::credentials_tls::get_identity() const
 {
-    if (m_cert) {
+    if (!m_identity.empty()) {
        return m_identity;
    } else if (m_cert) {
        wstring identity;
        CertGetNameString(m_cert, CERT_NAME_EMAIL_TYPE, 0, NULL, identity);
        return identity;
@@ -248,12 +256,6 @@ std::wstring eap::credentials_tls::get_identity() const
 }
 tstring eap::credentials_tls::get_name() const
 {
    return m_cert ? std::move(get_cert_title(m_cert)) : _T("<blank>");
 }
 eap::credentials::source_t eap::credentials_tls::combine(
    _In_       const credentials_tls   *cred_cached,
    _In_       const config_method_tls &cfg,
--- a/lib/TLS/src/Method.cpp
+++ b/lib/TLS/src/Method.cpp
--- a/lib/TLS/src/TLS.cpp
+++ b/lib/TLS/src/TLS.cpp
@@ -182,6 +182,8 @@ eap::tls_conn_state::tls_conn_state()
 #ifdef _DEBUG
    // Initialize state primitive members for diagnostic purposes.
    :
    m_prov_name     (NULL),
    m_prov_type     (0),
    m_alg_encrypt   (0),
    m_size_enc_key  (0),
    m_size_enc_iv   (0),
@@ -195,6 +197,8 @@ eap::tls_conn_state::tls_conn_state()
 eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
    m_prov_name     (other.m_prov_name     ),
    m_prov_type     (other.m_prov_type     ),
    m_alg_encrypt   (other.m_alg_encrypt   ),
    m_size_enc_key  (other.m_size_enc_key  ),
    m_size_enc_iv   (other.m_size_enc_iv   ),
@@ -209,6 +213,8 @@ eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
 eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
    m_prov_name     (std::move(other.m_prov_name     )),
    m_prov_type     (std::move(other.m_prov_type     )),
    m_alg_encrypt   (std::move(other.m_alg_encrypt   )),
    m_size_enc_key  (std::move(other.m_size_enc_key  )),
    m_size_enc_iv   (std::move(other.m_size_enc_iv   )),
@@ -221,6 +227,8 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
 {
 #ifdef _DEBUG
    // Reinitialize other state primitive members for diagnostic purposes.
    other.m_prov_name      = NULL;
    other.m_prov_type      = 0;
    other.m_alg_encrypt    = 0;
    other.m_size_enc_key   = 0;
    other.m_size_enc_iv    = 0;
@@ -235,6 +243,8 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
 eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
 {
    if (this != std::addressof(other)) {
        m_prov_name      = other.m_prov_name     ;
        m_prov_type      = other.m_prov_type     ;
        m_alg_encrypt    = other.m_alg_encrypt   ;
        m_size_enc_key   = other.m_size_enc_key  ;
        m_size_enc_iv    = other.m_size_enc_iv   ;
@@ -253,6 +263,8 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &o
 eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
 {
    if (this != std::addressof(other)) {
        m_prov_name      = std::move(other.m_prov_name     );
        m_prov_type      = std::move(other.m_prov_type     );
        m_alg_encrypt    = std::move(other.m_alg_encrypt   );
        m_size_enc_key   = std::move(other.m_size_enc_key  );
        m_size_enc_iv    = std::move(other.m_size_enc_iv   );
@@ -265,6 +277,8 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
 #ifdef _DEBUG
        // Reinitialize other state primitive members for diagnostic purposes.
        other.m_prov_name      = NULL;
        other.m_prov_type      = 0;
        other.m_alg_encrypt    = 0;
        other.m_size_enc_key   = 0;
        other.m_size_enc_iv    = 0;
@@ -277,3 +291,142 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
    return *this;
 }
 void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2])
 {
    if (cipher[0] == 0x00 && cipher[1] == 0x0a) {
        // TLS_RSA_WITH_3DES_EDE_CBC_SHA
        m_prov_name      = NULL;
        m_prov_type      = PROV_RSA_AES;
        m_alg_encrypt    = CALG_3DES;
        m_size_enc_key   = 192/8; // 3DES 192bits
        m_size_enc_iv    = 64/8;  // 3DES 64bits
        m_size_enc_block = 64/8;  // 3DES 64bits
        m_alg_mac        = CALG_SHA1;
        m_size_mac_key   = 160/8; // SHA-1
        m_size_mac_hash  = 160/8; // SHA-1
    } else if (cipher[0] == 0x00 && cipher[1] == 0x2f) {
        // TLS_RSA_WITH_AES_128_CBC_SHA
        m_prov_name      = NULL;
        m_prov_type      = PROV_RSA_AES;
        m_alg_encrypt    = CALG_AES_128;
        m_size_enc_key   = 128/8; // AES-128
        m_size_enc_iv    = 128/8; // AES-128
        m_size_enc_block = 128/8; // AES-128
        m_alg_mac        = CALG_SHA1;
        m_size_mac_key   = 160/8; // SHA-1
        m_size_mac_hash  = 160/8; // SHA-1
    } else if (cipher[0] == 0x00 && cipher[1] == 0x3c) {
        // AES128-SHA256
        m_prov_name      = NULL;
        m_prov_type      = PROV_RSA_AES;
        m_alg_encrypt    = CALG_AES_128;
        m_size_enc_key   = 128/8; // AES-128
        m_size_enc_iv    = 128/8; // AES-128
        m_size_enc_block = 128/8; // AES-128
        m_alg_mac        = CALG_SHA_256;
        m_size_mac_key   = 256/8; // SHA-256
        m_size_mac_hash  = 256/8; // SHA-256
    } else if (cipher[0] == 0x00 && cipher[1] == 0x3d) {
        // AES256-SHA256
        m_prov_name      = MS_ENH_RSA_AES_PROV;
        m_prov_type      = PROV_RSA_AES;
        m_alg_encrypt    = CALG_AES_256;
        m_size_enc_key   = 256/8; // AES-256
        m_size_enc_iv    = 128/8; // AES-256
        m_size_enc_block = 128/8; // AES-256
        m_alg_mac        = CALG_SHA_256;
        m_size_mac_key   = 256/8; // SHA-256
        m_size_mac_hash  = 256/8; // SHA-256
    } else if (cipher[0] == 0x00 && cipher[1] == 0x40) {
        // DHE-DSS-AES128-SHA256
        m_prov_name      = MS_ENH_DSS_DH_PROV;
        m_prov_type      = PROV_DSS_DH;
        m_alg_encrypt    = CALG_AES_128;
        m_size_enc_key   = 128/8; // AES-128
        m_size_enc_iv    = 128/8; // AES-128
        m_size_enc_block = 128/8; // AES-128
        m_alg_mac        = CALG_SHA_256;
        m_size_mac_key   = 256/8; // SHA-256
        m_size_mac_hash  = 256/8; // SHA-256
    } else if (cipher[0] == 0x00 && cipher[1] == 0x67) {
        // DHE-RSA-AES128-SHA256
        m_prov_name      = MS_DEF_DH_SCHANNEL_PROV;
        m_prov_type      = PROV_DH_SCHANNEL;
        m_alg_encrypt    = CALG_AES_128;
        m_size_enc_key   = 128/8; // AES-128
        m_size_enc_iv    = 128/8; // AES-128
        m_size_enc_block = 128/8; // AES-128
        m_alg_mac        = CALG_SHA_256;
        m_size_mac_key   = 256/8; // SHA-256
        m_size_mac_hash  = 256/8; // SHA-256
    } else if (cipher[0] == 0x00 && cipher[1] == 0x6a) {
        // DHE-DSS-AES256-SHA256
        m_prov_name      = MS_ENH_DSS_DH_PROV;
        m_prov_type      = PROV_DSS_DH;
        m_alg_encrypt    = CALG_AES_256;
        m_size_enc_key   = 256/8; // AES-256
        m_size_enc_iv    = 128/8; // AES-256
        m_size_enc_block = 128/8; // AES-256
        m_alg_mac        = CALG_SHA_256;
        m_size_mac_key   = 256/8; // SHA-256
        m_size_mac_hash  = 256/8; // SHA-256
    } else if (cipher[0] == 0x00 && cipher[1] == 0x6b) {
        // DHE-RSA-AES256-SHA256
        m_prov_name      = MS_DEF_DH_SCHANNEL_PROV;
        m_prov_type      = PROV_DH_SCHANNEL;
        m_alg_encrypt    = CALG_AES_256;
        m_size_enc_key   = 256/8; // AES-256
        m_size_enc_iv    = 128/8; // AES-256
        m_size_enc_block = 128/8; // AES-256
        m_alg_mac        = CALG_SHA_256;
        m_size_mac_key   = 256/8; // SHA-256
        m_size_mac_hash  = 256/8; // SHA-256
    } else if (cipher[0] == 0xc0 && cipher[1] == 0x23) {
        // ECDHE-ECDSA-AES128-SHA256
        m_prov_name      = MS_ENH_DSS_DH_PROV;
        m_prov_type      = PROV_DSS_DH;
        m_alg_encrypt    = CALG_AES_128;
        m_size_enc_key   = 128/8; // AES-128
        m_size_enc_iv    = 128/8; // AES-128
        m_size_enc_block = 128/8; // AES-128
        m_alg_mac        = CALG_SHA_256;
        m_size_mac_key   = 256/8; // SHA-256
        m_size_mac_hash  = 256/8; // SHA-256
    } else if (cipher[0] == 0xc0 && cipher[1] == 0x24) {
        // ECDHE-ECDSA-AES256-SHA384
        m_prov_name      = MS_ENH_DSS_DH_PROV;
        m_prov_type      = PROV_DSS_DH;
        m_alg_encrypt    = CALG_AES_256;
        m_size_enc_key   = 256/8; // AES-256
        m_size_enc_iv    = 128/8; // AES-256
        m_size_enc_block = 128/8; // AES-256
        m_alg_mac        = CALG_SHA_384;
        m_size_mac_key   = 384/8; // SHA-384
        m_size_mac_hash  = 384/8; // SHA-384
    } else if (cipher[0] == 0xc0 && cipher[1] == 0x27) {
        // ECDHE-RSA-AES128-SHA256
        m_prov_name      = MS_ENH_DSS_DH_PROV;
        m_prov_type      = PROV_DSS_DH;
        m_alg_encrypt    = CALG_AES_128;
        m_size_enc_key   = 128/8; // AES-128
        m_size_enc_iv    = 128/8; // AES-128
        m_size_enc_block = 128/8; // AES-128
        m_alg_mac        = CALG_SHA_256;
        m_size_mac_key   = 256/8; // SHA-256
        m_size_mac_hash  = 256/8; // SHA-256
    } else if (cipher[0] == 0xc0 && cipher[1] == 0x28) {
        // ECDHE-RSA-AES256-SHA384
        m_prov_name      = MS_ENH_DSS_DH_PROV;
        m_prov_type      = PROV_DSS_DH;
        m_alg_encrypt    = CALG_AES_256;
        m_size_enc_key   = 256/8; // AES-256
        m_size_enc_iv    = 128/8; // AES-256
        m_size_enc_block = 128/8; // AES-256
        m_alg_mac        = CALG_SHA_384;
        m_size_mac_key   = 384/8; // SHA-384
        m_size_mac_hash  = 384/8; // SHA-384
    } else
        throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received 0x%02x%02x).", cipher[0], cipher[1]));
 }
--- a/lib/TLS_UI/include/TLS_UI.h
+++ b/lib/TLS_UI/include/TLS_UI.h
@@ -331,6 +331,9 @@ public:
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event);
 #if EAP_TLS < EAP_TLS_SCHANNEL
    virtual bool TransferDataFromWindow();
 #endif
    /// \endcond
 protected:
--- a/lib/TLS_UI/res/wxTLS_UI.cpp
+++ b/lib/TLS_UI/res/wxTLS_UI.cpp
@@ -161,6 +161,25 @@ wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindow
 	sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
 	wxBoxSizer* sb_identity;
 	sb_identity = new wxBoxSizer( wxVERTICAL );
 	m_identity_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Custom &identity:"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_identity_label->Wrap( -1 );
 	sb_identity->Add( m_identity_label, 0, wxBOTTOM, 5 );
 	m_identity = new wxTextCtrl( sb_credentials->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_identity->SetToolTip( _("Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate") );
 	sb_identity->Add( m_identity, 0, wxEXPAND|wxBOTTOM, 5 );
 	m_identity_note = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("(Example: user@contoso.com)"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_identity_note->Wrap( -1 );
 	sb_identity->Add( m_identity_note, 0, wxALIGN_RIGHT, 5 );
 	sb_credentials_vert->Add( sb_identity, 1, wxEXPAND|wxALL, 5 );
 	m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
--- a/lib/TLS_UI/res/wxTLS_UI.fbp
+++ b/lib/TLS_UI/res/wxTLS_UI.fbp
@@ -1527,6 +1527,274 @@
                                        </object>
                                    </object>
                                </object>
                                <object class="sizeritem" expanded="1">
                                    <property name="border">5</property>
                                    <property name="flag">wxEXPAND|wxALL</property>
                                    <property name="proportion">1</property>
                                    <object class="wxBoxSizer" expanded="1">
                                        <property name="minimum_size"></property>
                                        <property name="name">sb_identity</property>
                                        <property name="orient">wxVERTICAL</property>
                                        <property name="permission">none</property>
                                        <object class="sizeritem" expanded="1">
                                            <property name="border">5</property>
                                            <property name="flag">wxBOTTOM</property>
                                            <property name="proportion">0</property>
                                            <object class="wxStaticText" expanded="1">
                                                <property name="BottomDockable">1</property>
                                                <property name="LeftDockable">1</property>
                                                <property name="RightDockable">1</property>
                                                <property name="TopDockable">1</property>
                                                <property name="aui_layer"></property>
                                                <property name="aui_name"></property>
                                                <property name="aui_position"></property>
                                                <property name="aui_row"></property>
                                                <property name="best_size"></property>
                                                <property name="bg"></property>
                                                <property name="caption"></property>
                                                <property name="caption_visible">1</property>
                                                <property name="center_pane">0</property>
                                                <property name="close_button">1</property>
                                                <property name="context_help"></property>
                                                <property name="context_menu">1</property>
                                                <property name="default_pane">0</property>
                                                <property name="dock">Dock</property>
                                                <property name="dock_fixed">0</property>
                                                <property name="docking">Left</property>
                                                <property name="enabled">1</property>
                                                <property name="fg"></property>
                                                <property name="floatable">1</property>
                                                <property name="font"></property>
                                                <property name="gripper">0</property>
                                                <property name="hidden">0</property>
                                                <property name="id">wxID_ANY</property>
                                                <property name="label">Custom &amp;identity:</property>
                                                <property name="max_size"></property>
                                                <property name="maximize_button">0</property>
                                                <property name="maximum_size"></property>
                                                <property name="min_size"></property>
                                                <property name="minimize_button">0</property>
                                                <property name="minimum_size"></property>
                                                <property name="moveable">1</property>
                                                <property name="name">m_identity_label</property>
                                                <property name="pane_border">1</property>
                                                <property name="pane_position"></property>
                                                <property name="pane_size"></property>
                                                <property name="permission">protected</property>
                                                <property name="pin_button">1</property>
                                                <property name="pos"></property>
                                                <property name="resize">Resizable</property>
                                                <property name="show">1</property>
                                                <property name="size"></property>
                                                <property name="style"></property>
                                                <property name="subclass"></property>
                                                <property name="toolbar_pane">0</property>
                                                <property name="tooltip"></property>
                                                <property name="window_extra_style"></property>
                                                <property name="window_name"></property>
                                                <property name="window_style"></property>
                                                <property name="wrap">-1</property>
                                                <event name="OnChar"></event>
                                                <event name="OnEnterWindow"></event>
                                                <event name="OnEraseBackground"></event>
                                                <event name="OnKeyDown"></event>
                                                <event name="OnKeyUp"></event>
                                                <event name="OnKillFocus"></event>
                                                <event name="OnLeaveWindow"></event>
                                                <event name="OnLeftDClick"></event>
                                                <event name="OnLeftDown"></event>
                                                <event name="OnLeftUp"></event>
                                                <event name="OnMiddleDClick"></event>
                                                <event name="OnMiddleDown"></event>
                                                <event name="OnMiddleUp"></event>
                                                <event name="OnMotion"></event>
                                                <event name="OnMouseEvents"></event>
                                                <event name="OnMouseWheel"></event>
                                                <event name="OnPaint"></event>
                                                <event name="OnRightDClick"></event>
                                                <event name="OnRightDown"></event>
                                                <event name="OnRightUp"></event>
                                                <event name="OnSetFocus"></event>
                                                <event name="OnSize"></event>
                                                <event name="OnUpdateUI"></event>
                                            </object>
                                        </object>
                                        <object class="sizeritem" expanded="1">
                                            <property name="border">5</property>
                                            <property name="flag">wxEXPAND|wxBOTTOM</property>
                                            <property name="proportion">0</property>
                                            <object class="wxTextCtrl" expanded="1">
                                                <property name="BottomDockable">1</property>
                                                <property name="LeftDockable">1</property>
                                                <property name="RightDockable">1</property>
                                                <property name="TopDockable">1</property>
                                                <property name="aui_layer"></property>
                                                <property name="aui_name"></property>
                                                <property name="aui_position"></property>
                                                <property name="aui_row"></property>
                                                <property name="best_size"></property>
                                                <property name="bg"></property>
                                                <property name="caption"></property>
                                                <property name="caption_visible">1</property>
                                                <property name="center_pane">0</property>
                                                <property name="close_button">1</property>
                                                <property name="context_help"></property>
                                                <property name="context_menu">1</property>
                                                <property name="default_pane">0</property>
                                                <property name="dock">Dock</property>
                                                <property name="dock_fixed">0</property>
                                                <property name="docking">Left</property>
                                                <property name="enabled">1</property>
                                                <property name="fg"></property>
                                                <property name="floatable">1</property>
                                                <property name="font"></property>
                                                <property name="gripper">0</property>
                                                <property name="hidden">0</property>
                                                <property name="id">wxID_ANY</property>
                                                <property name="max_size"></property>
                                                <property name="maximize_button">0</property>
                                                <property name="maximum_size"></property>
                                                <property name="maxlength"></property>
                                                <property name="min_size"></property>
                                                <property name="minimize_button">0</property>
                                                <property name="minimum_size"></property>
                                                <property name="moveable">1</property>
                                                <property name="name">m_identity</property>
                                                <property name="pane_border">1</property>
                                                <property name="pane_position"></property>
                                                <property name="pane_size"></property>
                                                <property name="permission">protected</property>
                                                <property name="pin_button">1</property>
                                                <property name="pos"></property>
                                                <property name="resize">Resizable</property>
                                                <property name="show">1</property>
                                                <property name="size"></property>
                                                <property name="style"></property>
                                                <property name="subclass"></property>
                                                <property name="toolbar_pane">0</property>
                                                <property name="tooltip">Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate</property>
                                                <property name="validator_data_type"></property>
                                                <property name="validator_style">wxFILTER_NONE</property>
                                                <property name="validator_type">wxDefaultValidator</property>
                                                <property name="validator_variable"></property>
                                                <property name="value"></property>
                                                <property name="window_extra_style"></property>
                                                <property name="window_name"></property>
                                                <property name="window_style"></property>
                                                <event name="OnChar"></event>
                                                <event name="OnEnterWindow"></event>
                                                <event name="OnEraseBackground"></event>
                                                <event name="OnKeyDown"></event>
                                                <event name="OnKeyUp"></event>
                                                <event name="OnKillFocus"></event>
                                                <event name="OnLeaveWindow"></event>
                                                <event name="OnLeftDClick"></event>
                                                <event name="OnLeftDown"></event>
                                                <event name="OnLeftUp"></event>
                                                <event name="OnMiddleDClick"></event>
                                                <event name="OnMiddleDown"></event>
                                                <event name="OnMiddleUp"></event>
                                                <event name="OnMotion"></event>
                                                <event name="OnMouseEvents"></event>
                                                <event name="OnMouseWheel"></event>
                                                <event name="OnPaint"></event>
                                                <event name="OnRightDClick"></event>
                                                <event name="OnRightDown"></event>
                                                <event name="OnRightUp"></event>
                                                <event name="OnSetFocus"></event>
                                                <event name="OnSize"></event>
                                                <event name="OnText"></event>
                                                <event name="OnTextEnter"></event>
                                                <event name="OnTextMaxLen"></event>
                                                <event name="OnTextURL"></event>
                                                <event name="OnUpdateUI"></event>
                                            </object>
                                        </object>
                                        <object class="sizeritem" expanded="1">
                                            <property name="border">5</property>
                                            <property name="flag">wxALIGN_RIGHT</property>
                                            <property name="proportion">0</property>
                                            <object class="wxStaticText" expanded="1">
                                                <property name="BottomDockable">1</property>
                                                <property name="LeftDockable">1</property>
                                                <property name="RightDockable">1</property>
                                                <property name="TopDockable">1</property>
                                                <property name="aui_layer"></property>
                                                <property name="aui_name"></property>
                                                <property name="aui_position"></property>
                                                <property name="aui_row"></property>
                                                <property name="best_size"></property>
                                                <property name="bg"></property>
                                                <property name="caption"></property>
                                                <property name="caption_visible">1</property>
                                                <property name="center_pane">0</property>
                                                <property name="close_button">1</property>
                                                <property name="context_help"></property>
                                                <property name="context_menu">1</property>
                                                <property name="default_pane">0</property>
                                                <property name="dock">Dock</property>
                                                <property name="dock_fixed">0</property>
                                                <property name="docking">Left</property>
                                                <property name="enabled">1</property>
                                                <property name="fg"></property>
                                                <property name="floatable">1</property>
                                                <property name="font"></property>
                                                <property name="gripper">0</property>
                                                <property name="hidden">0</property>
                                                <property name="id">wxID_ANY</property>
                                                <property name="label">(Example: user@contoso.com)</property>
                                                <property name="max_size"></property>
                                                <property name="maximize_button">0</property>
                                                <property name="maximum_size"></property>
                                                <property name="min_size"></property>
                                                <property name="minimize_button">0</property>
                                                <property name="minimum_size"></property>
                                                <property name="moveable">1</property>
                                                <property name="name">m_identity_note</property>
                                                <property name="pane_border">1</property>
                                                <property name="pane_position"></property>
                                                <property name="pane_size"></property>
                                                <property name="permission">protected</property>
                                                <property name="pin_button">1</property>
                                                <property name="pos"></property>
                                                <property name="resize">Resizable</property>
                                                <property name="show">1</property>
                                                <property name="size"></property>
                                                <property name="style"></property>
                                                <property name="subclass"></property>
                                                <property name="toolbar_pane">0</property>
                                                <property name="tooltip"></property>
                                                <property name="window_extra_style"></property>
                                                <property name="window_name"></property>
                                                <property name="window_style"></property>
                                                <property name="wrap">-1</property>
                                                <event name="OnChar"></event>
                                                <event name="OnEnterWindow"></event>
                                                <event name="OnEraseBackground"></event>
                                                <event name="OnKeyDown"></event>
                                                <event name="OnKeyUp"></event>
                                                <event name="OnKillFocus"></event>
                                                <event name="OnLeaveWindow"></event>
                                                <event name="OnLeftDClick"></event>
                                                <event name="OnLeftDown"></event>
                                                <event name="OnLeftUp"></event>
                                                <event name="OnMiddleDClick"></event>
                                                <event name="OnMiddleDown"></event>
                                                <event name="OnMiddleUp"></event>
                                                <event name="OnMotion"></event>
                                                <event name="OnMouseEvents"></event>
                                                <event name="OnMouseWheel"></event>
                                                <event name="OnPaint"></event>
                                                <event name="OnRightDClick"></event>
                                                <event name="OnRightDown"></event>
                                                <event name="OnRightUp"></event>
                                                <event name="OnSetFocus"></event>
                                                <event name="OnSize"></event>
                                                <event name="OnUpdateUI"></event>
                                            </object>
                                        </object>
                                    </object>
                                </object>
                                <object class="sizeritem" expanded="1">
                                    <property name="border">5</property>
                                    <property name="flag">wxALL|wxEXPAND</property>
--- a/lib/TLS_UI/res/wxTLS_UI.h
+++ b/lib/TLS_UI/res/wxTLS_UI.h
@@ -80,6 +80,9 @@ class wxTLSCredentialsPanelBase : public wxPanel
 		wxRadioButton* m_cert_none;
 		wxRadioButton* m_cert_select;
 		wxChoice* m_cert_select_val;
 		wxStaticText* m_identity_label;
 		wxTextCtrl* m_identity;
 		wxStaticText* m_identity_note;
 		wxCheckBox* m_remember;
 	public:
--- a/lib/TLS_UI/src/TLS_UI.cpp
+++ b/lib/TLS_UI/src/TLS_UI.cpp
@@ -358,6 +358,8 @@ bool wxTLSCredentialsPanel::TransferDataToWindow()
            m_cert_select_val->SetSelection(0);
    }
    m_identity->SetValue(m_cred.m_identity);
    return wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::TransferDataToWindow();
 }
@@ -374,6 +376,8 @@ bool wxTLSCredentialsPanel::TransferDataFromWindow()
            m_cred.m_cert.free();
    }
    m_cred.m_identity = m_identity->GetValue();
    // Inherited TransferDataFromWindow() calls m_cred.store().
    // Therefore, call it only now, that m_cred is set.
    return wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::TransferDataFromWindow();
@@ -393,9 +397,11 @@ void wxTLSCredentialsPanel::OnUpdateUI(wxUpdateUIEvent& event)
            m_cert_select->Enable(false);
        }
        m_cert_select_val->Enable(false);
        m_identity->Enable(false);
    } else {
        // Configuration mode or using own credentials. Selectively enable/disable controls.
        m_cert_select_val->Enable(m_cert_select->GetValue());
        m_identity->Enable(true);
    }
    wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::OnUpdateUI(event);
@@ -603,3 +609,23 @@ void wxTLSConfigPanel::OnInitDialog(wxInitDialogEvent& event)
    if (m_credentials)
        m_credentials->GetEventHandler()->ProcessEvent(event);
 }
 #if EAP_TLS < EAP_TLS_SCHANNEL
 bool wxTLSConfigPanel::TransferDataFromWindow()
 {
    wxCHECK(wxPanel::TransferDataFromWindow(), false);
    if (!m_prov.m_read_only) {
        // This is not a provider-locked configuration. The data will get saved.
        // Reset session ID and master secret to force clean connect next time.
        m_cfg.m_session_id.clear();
        m_cfg.m_master_secret.clear();
    }
    return true;
 }
 #endif
--- a/lib/TTLS/include/Method.h
+++ b/lib/TTLS/include/Method.h
@@ -57,11 +57,11 @@ namespace eap
        ///
        /// Constructs an EAP method
        ///
-        /// \param[in] mod  EAP module to use for global services
+        /// \param[in] mod   EAP module to use for global services
-        /// \param[in] cfg   Providers configuration
+        /// \param[in] cfg   Connection configuration
        /// \param[in] cred  User credentials
        ///
-        method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred);
+        method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred);
        ///
        /// Moves an EAP method
@@ -113,6 +113,17 @@ namespace eap
        /// @}
    protected:
 #if EAP_TLS < EAP_TLS_SCHANNEL
        ///
        /// Generates master session key
        ///
        /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
        ///
        virtual void derive_msk();
 #else
        ///
        /// Processes an application message
        ///
@@ -121,6 +132,8 @@ namespace eap
        ///
        virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
 #endif
        ///
        /// Makes a PAP client message
        ///
--- a/lib/TTLS/include/Module.h
+++ b/lib/TTLS/include/Module.h
@@ -221,7 +221,7 @@ namespace eap
            {}
        public:
-            config_provider_list m_cfg; ///< Providers configuration
+            config_connection m_cfg;    ///< Connection configuration
            credentials_ttls m_cred;    ///< User credentials
            method_ttls m_method;       ///< EAP-TTLS method
        };
--- a/lib/TTLS/src/Credentials.cpp
+++ b/lib/TTLS/src/Credentials.cpp
@@ -189,6 +189,8 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor)
 void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
 {
    assert(0); // Not that we would ever store inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
    credentials_tls::store(pszTargetName);
    if (m_inner)
@@ -198,6 +200,8 @@ void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
 void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName)
 {
    assert(0); // Not that we would ever retrieve inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
    credentials_tls::retrieve(pszTargetName);
    if (m_inner)
--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@@ -28,7 +28,7 @@ using namespace winstd;
 // eap::method_ttls
 //////////////////////////////////////////////////////////////////////
-eap::method_ttls::method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred) :
+eap::method_ttls::method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred) :
    m_cred(cred),
    m_version(version_0),
    method_tls(module, cfg, cred)
@@ -71,6 +71,22 @@ void eap::method_ttls::process_request_packet(
    // Do the TLS.
    method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
 #if EAP_TLS < EAP_TLS_SCHANNEL
    if (m_phase == phase_application_data) {
        // Send inner authentication.
        if (!m_state_client.m_alg_encrypt)
            throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
        m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
        m_packet_res.m_code  = EapCodeResponse;
        m_packet_res.m_id    = m_packet_req.m_id;
        m_packet_res.m_flags = 0;
        sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
        m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
    }
 #endif
 }
@@ -109,19 +125,24 @@ void eap::method_ttls::get_result(
        case EapPeerMethodResultFailure:
            m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank);
-            cfg_method->m_inner->m_auth_failed = true;
+
            // Mark credentials as failed, so GUI can re-prompt user.
            // But be careful: do so only if this happened after transition from handshake to application data phase.
            cfg_method->m_inner->m_auth_failed = m_phase_prev < phase_application_data;
            break;
        default:
            throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
        }
 #if EAP_TLS >= EAP_TLS_SCHANNEL
        // EAP-TTLS uses different label in PRF for MSK derivation than EAP-TLS.
        static const DWORD s_key_id = 0x01; // EAP-TTLSv0 Keying Material
        static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id };
        SECURITY_STATUS status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info));
        if (FAILED(status))
            throw sec_runtime_error(status, __FUNCTION__ "Error setting EAP-TTLS PRF in Schannel.");
 #endif
        // The TLS was OK.
        method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
@@ -136,6 +157,43 @@ void eap::method_ttls::get_result(
 }
 #if EAP_TLS < EAP_TLS_SCHANNEL
 void eap::method_ttls::derive_msk()
 {
    //
    //   TLS versions 1.0 [RFC2246] and 1.1 [RFC4346] define the same PRF
    //   function, and any EAP-TTLSv0 implementation based on these versions
    //   of TLS must use the PRF defined therein.  It is expected that future
    //   versions of or extensions to the TLS protocol will permit alternative
    //   PRF functions to be negotiated.  If an alternative PRF function is
    //   specified for the underlying TLS version or has been negotiated
    //   during the TLS handshake negotiation, then that alternative PRF
    //   function must be used in EAP-TTLSv0 computations instead of the TLS
    //   1.0/1.1 PRF.
    //
    // [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter 7.8. Use of TLS PRF)](https://tools.ietf.org/html/rfc5281#section-7.8)
    //
    // If we use PRF_SHA256() the key exchange fails. Therefore we use PRF of TLS 1.0/1.1.
    //
    static const unsigned char s_label[] = "ttls keying material";
    sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
    seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
    seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
    sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random)));
    const unsigned char *_key_block = key_block.data();
    // MSK: MPPE-Recv-Key
    memcpy(&m_key_mppe_client, _key_block, sizeof(tls_random));
    _key_block += sizeof(tls_random);
    // MSK: MPPE-Send-Key
    memcpy(&m_key_mppe_server, _key_block, sizeof(tls_random));
    _key_block += sizeof(tls_random);
 }
 #else
 void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg)
 {
    UNREFERENCED_PARAMETER(msg);
@@ -183,6 +241,8 @@ void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const v
    m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
 }
 #endif
 eap::sanitizing_blob eap::method_ttls::make_pap_client() const
 {
--- a/lib/TTLS/src/Module.cpp
+++ b/lib/TTLS/src/Module.cpp
@@ -74,7 +74,7 @@ void eap::peer_ttls::get_identity(
    assert(ppwszIdentity);
    // Unpack configuration.
-    config_provider_list cfg(*this);
+    config_connection cfg(*this);
    unpack(cfg, pConnectionData, dwConnectionDataSize);
    if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
        throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
--- a/lib/TTLS_UI/res/wxTTLS_UI.cpp
+++ b/lib/TTLS_UI/res/wxTTLS_UI.cpp
@@ -32,7 +32,7 @@ wxTTLSConfigPanelBase::wxTTLSConfigPanelBase( wxWindow* parent, wxWindowID id, c
 	wxBoxSizer* sb_outer_identity_radio;
 	sb_outer_identity_radio = new wxBoxSizer( wxVERTICAL );
-	m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&Same as inner identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
+	m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&True identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
 	m_outer_identity_same->SetToolTip( _("Use my true user name") );
 	sb_outer_identity_radio->Add( m_outer_identity_same, 1, wxEXPAND, 5 );
--- a/lib/TTLS_UI/res/wxTTLS_UI.fbp
+++ b/lib/TTLS_UI/res/wxTTLS_UI.fbp
@@ -309,7 +309,7 @@
                                                <property name="gripper">0</property>
                                                <property name="hidden">0</property>
                                                <property name="id">wxID_ANY</property>
-                                                <property name="label">&amp;Same as inner identity</property>
+                                                <property name="label">&amp;True identity</property>
                                                <property name="max_size"></property>
                                                <property name="maximize_button">0</property>
                                                <property name="maximum_size"></property>
--- a/lib/TTLS_UI/src/Module.cpp
+++ b/lib/TTLS_UI/src/Module.cpp
@@ -48,7 +48,7 @@ void eap::peer_ttls_ui::config_xml2blob(
    UNREFERENCED_PARAMETER(dwFlags);
    // Load configuration from XML.
-    config_provider_list cfg(*this);
+    config_connection cfg(*this);
    cfg.load(pConfigRoot);
    // Pack configuration.
@@ -66,7 +66,7 @@ void eap::peer_ttls_ui::config_blob2xml(
    UNREFERENCED_PARAMETER(dwFlags);
    // Unpack configuration.
-    config_provider_list cfg(*this);
+    config_connection cfg(*this);
    unpack(cfg, pConnectionData, dwConnectionDataSize);
    // Save configuration to XML.
@@ -82,7 +82,7 @@ void eap::peer_ttls_ui::invoke_config_ui(
    _Inout_                                  DWORD *pdwConnectionDataOutSize)
 {
    // Unpack configuration.
-    config_provider_list cfg(*this);
+    config_connection cfg(*this);
    if (dwConnectionDataInSize) {
        // Load existing configuration.
        unpack(cfg, pConnectionDataIn, dwConnectionDataInSize);
@@ -112,7 +112,7 @@ void eap::peer_ttls_ui::invoke_config_ui(
    {
        // Create wxWidget-approved parent window.
        wxWindow parent;
-        parent.SetHWND((WXHWND)hwndParent);
+        parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow()));
        parent.AdoptAttributesFromHWND();
        wxTopLevelWindows.Append(&parent);
@@ -148,7 +148,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
    assert(ppwszIdentity);
    // Unpack configuration.
-    config_provider_list cfg(*this);
+    config_connection cfg(*this);
    unpack(cfg, pConnectionData, dwConnectionDataSize);
    if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
        throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
@@ -204,7 +204,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
    {
        // Create wxWidget-approved parent window.
        wxWindow parent;
-        parent.SetHWND((WXHWND)hwndParent);
+        parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow()));
        parent.AdoptAttributesFromHWND();
        wxTopLevelWindows.Append(&parent);
--- a/lib/WinStd
+++ b/lib/WinStd
--- a/output/Setup/.gitignore
+++ b/output/Setup/.gitignore
@@ -1 +1,3 @@
 /GEANTLink*.msi
 /CredWrite.exe
 /MsiUseFeature.exe
Author	SHA1	Message	Date
Simon Rozman	5483368640	Version set to 1.0-alpha12	2016-08-25 13:10:42 +02:00
Simon Rozman	6077063599	The credentials are marked "invalid" at transition from handshake to application data phase only to prevent initial handshake problems from popping-up credential prompt when credentials have nothing to do with the connection failure.	2016-08-25 13:08:11 +02:00
Simon Rozman	2857b2edd2	First application data message is now appended piggyback to the last client handshake message (Hopefully resolving issue with Radiator)	2016-08-25 13:00:47 +02:00
Simon Rozman	6760287f0d	Duplicate log record of EAP-TLS handshake removed	2016-08-25 12:58:56 +02:00
Simon Rozman	7973a8d59b	Handshake log events are a bit more specific now	2016-08-25 12:57:47 +02:00
Simon Rozman	f5d8f653af	Texts updated	2016-08-25 10:46:35 +02:00
Simon Rozman	e1600e5aba	Configuration GUIDs are not required any more This reverts commit `1cb6ca5adb`.	2016-08-24 18:59:59 +02:00
Simon Rozman	352d546da1	Version set to 1.0-alpha11	2016-08-24 18:48:10 +02:00
Simon Rozman	d2ff78a613	Credential prompt sometimes displayed in background issue fixed now	2016-08-24 18:39:15 +02:00
Simon Rozman	10807fad18	Variable renamed from Slovenian to English	2016-08-24 18:36:51 +02:00
Simon Rozman	c6d53cd13c	eap::monitor_ui class to prevent multiple launches introduced	2016-08-24 17:45:31 +02:00
Simon Rozman	6f25e4c0ad	wxEAPGeneralDialog constructor parameters extended	2016-08-24 17:43:02 +02:00
Simon Rozman	edac93e115	Custom TLS identity is correctly enabled/disabled now.	2016-08-24 15:30:27 +02:00
Simon Rozman	d1c24efcf0	config_method_with_cred renamed to config_connection to describe it better	2016-08-24 11:39:37 +02:00
Simon Rozman	1cb6ca5adb	Connection configuration is equipped with GUID now for multiple credential prompt disambiguation later	2016-08-24 11:34:30 +02:00
Simon Rozman	38e1443276	Logging of handshake progress introduced	2016-08-24 11:04:04 +02:00
Simon Rozman	6835f5279c	Certificate (TLS) credentials support custom identity now	2016-08-24 11:03:18 +02:00
Simon Rozman	eb9c8a5f7c	If configured trusted root CA certificate list is empty, that really means "Trust no one!" now	2016-08-23 23:40:07 +02:00
Simon Rozman	5332b538aa	Our own TLS merged back to master and compiles conditionally	2016-08-23 22:46:00 +02:00
Simon Rozman	a9baa07227	Error type detection fixed	2016-08-23 22:41:12 +02:00
Simon Rozman	387a12ab5e	Additional cases of invalid certificate caught	2016-08-23 17:41:20 +02:00
Simon Rozman	7b3251a758	Error throwing clean-up	2016-08-23 17:20:04 +02:00
Simon Rozman	894f19a81e	Binary publishing updated	2016-08-23 16:45:16 +02:00