Version set to 1.0-alpha10

When server certificate has no subjectAltName(2), compare host name against Common Name
Switched to Schannel to do the TLS
2016-08-23 14:53:27 +02:00 · 2016-08-23 14:29:47 +02:00 · 2016-08-23 13:53:23 +02:00 · 2016-08-18 06:33:02 +02:00 · 2016-08-18 06:31:16 +02:00 · 2016-08-18 06:30:02 +02:00
39 changed files with 2927 additions and 1749 deletions
--- a/include/Common.props
+++ b/include/Common.props
@@ -32,7 +32,7 @@
  <ItemDefinitionGroup>
    <ClCompile>
      <WarningLevel>Level4</WarningLevel>
-      <PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <PrecompiledHeader>Use</PrecompiledHeader>
      <PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile>
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
--- a/include/Version.h
+++ b/include/Version.h
@@ -29,7 +29,7 @@
 // Product version as a single DWORD
 // Note: Used for version comparison within C/C++ code.
 //
-#define PRODUCT_VERSION          0x00ff0700
+#define PRODUCT_VERSION          0x00ff0a00
 //
 // Product version by components
@@ -39,26 +39,26 @@
 //
 #define PRODUCT_VERSION_MAJ      0
 #define PRODUCT_VERSION_MIN      255
-#define PRODUCT_VERSION_REV      7
+#define PRODUCT_VERSION_REV      10
 #define PRODUCT_VERSION_BUILD    0
 //
 // Human readable product version and build year for UI
 //
-#define PRODUCT_VERSION_STR      "1.0-alpha7"
+#define PRODUCT_VERSION_STR      "1.0-alpha10"
 #define PRODUCT_BUILD_YEAR_STR   "2016"
 //
 // Numerical version presentation for ProductVersion propery in
 // MSI packages (syntax: N.N[.N[.N]])
 //
-#define PRODUCT_VERSION_INST     "0.255.7"
+#define PRODUCT_VERSION_INST     "0.255.10"
 //
 // The product code for ProductCode property in MSI packages
 // Replace with new on every version change, regardless how minor it is.
 //
-#define PRODUCT_VERSION_GUID     "{54C2BA4B-EFC8-4F3E-A838-28744134A136}"
+#define PRODUCT_VERSION_GUID     "{2A743CF3-8AAE-416B-B779-2EC1F509121D}"
 //
 // Since the product name is not finally confirmed at the time of
--- a/lib/EAPBase/include/Config.h
+++ b/lib/EAPBase/include/Config.h
@@ -89,7 +89,6 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val);
 #include <eaptypes.h> // Must include after <Windows.h>
 #include <tchar.h>
 #include <list>
 #include <string>
 #include <memory>
@@ -342,7 +341,7 @@ namespace eap
        bool m_allow_save;                          ///< Are credentials allowed to be saved to Windows Credential Manager?
        bool m_use_preshared;                       ///< Use pre-shared credentials
        std::unique_ptr<credentials> m_preshared;   ///< Pre-shared credentials
-        bool m_cred_failed;                         ///< Did credential fail last time?
+        bool m_auth_failed;                         ///< Did credential fail last time?
    };
@@ -451,7 +450,7 @@ namespace eap
        winstd::tstring m_lbl_alt_credential;                   ///< Alternative label for credential prompt
        winstd::tstring m_lbl_alt_identity;                     ///< Alternative label for identity prompt
        winstd::tstring m_lbl_alt_password;                     ///< Alternative label for password prompt
-        std::list<std::unique_ptr<config_method> > m_methods;   ///< List of method configurations
+        std::vector<std::unique_ptr<config_method> > m_methods; ///< Array of method configurations
    };
@@ -551,7 +550,7 @@ namespace eap
        /// @}
    public:
-        std::list<eap::config_provider> m_providers;    ///< List of provider configurations
+        std::vector<eap::config_provider> m_providers;  ///< Array of provider configurations
    };
 }
--- a/lib/EAPBase/include/Credentials.h
+++ b/lib/EAPBase/include/Credentials.h
@@ -54,6 +54,18 @@ namespace eap
 {
    class credentials : public config
    {
    public:
        ///
        /// Credential source when combined
        ///
        enum  source_t {
            source_unknown = -1, ///< Unknown source
            source_cache = 0,    ///< Credentials were obtained from EAPHost cache
            source_preshared,    ///< Credentials were set by method configuration
            source_storage       ///< Credentials were loaded from Windows Credential Manager
        };
    public:
        ///
        /// Constructs credentials
@@ -158,26 +170,6 @@ namespace eap
        /// Returns credential name (for GUI display).
        ///
        virtual winstd::tstring get_name() const;
        ///
        /// Combine credentials in the following order:
        ///
        /// 1. Cached credentials
        /// 2. Pre-configured credentials
        /// 3. Stored credentials
        ///
        /// \param[in] cred_cached    Cached credentials (optional, can be \c NULL)
        /// \param[in] cfg            Method configuration
        /// \param[in] pszTargetName  The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
        /// - \c true  if credentials were set;
        /// - \c false otherwise
        ///
        virtual bool combine(
            _In_       const credentials       *cred_cached,
            _In_       config_method_with_cred &cfg,
            _In_opt_z_ LPCTSTR                 pszTargetName);
    };
--- a/lib/EAPBase/src/Config.cpp
+++ b/lib/EAPBase/src/Config.cpp
@@ -139,7 +139,7 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other)
 eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) :
    m_allow_save(true),
    m_use_preshared(false),
-    m_cred_failed(false),
+    m_auth_failed(false),
    config_method(mod)
 {
 }
@@ -149,7 +149,7 @@ eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_w
    m_allow_save(other.m_allow_save),
    m_use_preshared(other.m_use_preshared),
    m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr),
-    m_cred_failed(other.m_cred_failed),
+    m_auth_failed(other.m_auth_failed),
    config_method(other)
 {
 }
@@ -159,7 +159,7 @@ eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with
    m_allow_save(std::move(other.m_allow_save)),
    m_use_preshared(std::move(other.m_use_preshared)),
    m_preshared(std::move(other.m_preshared)),
-    m_cred_failed(std::move(other.m_cred_failed)),
+    m_auth_failed(std::move(other.m_auth_failed)),
    config_method(std::move(other))
 {
 }
@@ -172,7 +172,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const
        m_allow_save          = other.m_allow_save;
        m_use_preshared       = other.m_use_preshared;
        m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr);
-        m_cred_failed         = other.m_cred_failed;
+        m_auth_failed         = other.m_auth_failed;
    }
    return *this;
@@ -186,7 +186,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ co
        m_allow_save          = std::move(other.m_allow_save   );
        m_use_preshared       = std::move(other.m_use_preshared);
        m_preshared           = std::move(other.m_preshared    );
-        m_cred_failed         = std::move(other.m_cred_failed  );
+        m_auth_failed         = std::move(other.m_auth_failed  );
    }
    return *this;
@@ -248,7 +248,7 @@ void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const
    cursor << m_allow_save;
    cursor << m_use_preshared;
    cursor << *m_preshared;
-    cursor << m_cred_failed;
+    cursor << m_auth_failed;
 }
@@ -259,7 +259,7 @@ size_t eap::config_method_with_cred::get_pk_size() const
        pksizeof(m_allow_save   ) +
        pksizeof(m_use_preshared) +
        pksizeof(*m_preshared   ) +
-        pksizeof(m_cred_failed  );
+        pksizeof(m_auth_failed  );
 }
@@ -269,7 +269,7 @@ void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor)
    cursor >> m_allow_save;
    cursor >> m_use_preshared;
    cursor >> *m_preshared;
-    cursor >> m_cred_failed;
+    cursor >> m_auth_failed;
 }
@@ -296,7 +296,8 @@ eap::config_provider::config_provider(_In_ const config_provider &other) :
    m_lbl_alt_password(other.m_lbl_alt_password),
    config(other)
 {
-    for (list<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
+    m_methods.reserve(other.m_methods.size());
    for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
        m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
 }
@@ -332,7 +333,8 @@ eap::config_provider& eap::config_provider::operator=(_In_ const config_provider
        m_lbl_alt_password   = other.m_lbl_alt_password;
        m_methods.clear();
-        for (list<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
+        m_methods.reserve(other.m_methods.size());
        for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
            m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
    }
@@ -432,7 +434,7 @@ void eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC
    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethods> element.");
-    for (list<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) {
+    for (vector<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) {
        // <AuthenticationMethod>
        com_obj<IXMLDOMElement> pXmlElAuthenticationMethod;
        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod)))
@@ -669,7 +671,7 @@ void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod
    if (FAILED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)))
        throw com_runtime_error(hr, __FUNCTION__ " Error selecting <EAPIdentityProviderList> element.");
-    for (list<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
+    for (vector<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
        // <EAPIdentityProvider>
        com_obj<IXMLDOMElement> pXmlElIdentityProvider;
        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider)))
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@@ -83,19 +83,6 @@ tstring eap::credentials::get_name() const
 }
 bool eap::credentials::combine(
    _In_       const credentials       *cred_cached,
    _In_       config_method_with_cred &cfg,
    _In_opt_z_ LPCTSTR                 pszTargetName)
 {
    UNREFERENCED_PARAMETER(cred_cached);
    UNREFERENCED_PARAMETER(cfg);
    UNREFERENCED_PARAMETER(pszTargetName);
    // When there's nothing to combine...
    return true;
 }
 //////////////////////////////////////////////////////////////////////
 // eap::credentials_pass
 //////////////////////////////////////////////////////////////////////
--- a/lib/EAPBase/src/Module.cpp
+++ b/lib/EAPBase/src/Module.cpp
@@ -102,6 +102,12 @@ EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
            return make_error(HRESULT_CODE(e.number()), what.c_str());
    }
    {
        sec_runtime_error &e(dynamic_cast<sec_runtime_error&>(err));
        if (&e)
            return make_error(HRESULT_CODE(e.number()), what.c_str());
    }
    {
        invalid_argument &e(dynamic_cast<invalid_argument&>(err));
        if (&e)
--- a/lib/EAPBase/src/StdAfx.h
+++ b/lib/EAPBase/src/StdAfx.h
@@ -30,5 +30,6 @@
 #include <WinStd/Cred.h>
 #include <WinStd/ETW.h>
 #include <WinStd/Sec.h>
 #include <EventsETW.h>
--- a/lib/EAPBase_UI/include/EAP_UI.h
+++ b/lib/EAPBase_UI/include/EAP_UI.h
@@ -20,6 +20,7 @@
 #include <wx/hyperlink.h>
 #include <wx/icon.h>
 #include <wx/scrolwin.h>
 #include <wx/statbmp.h>
 #include <Windows.h>
@@ -34,18 +35,21 @@ class wxEAPBannerPanel;
 ///
 template <class _wxT> class wxEAPConfigDialog;
 ///
 /// EAP general-use dialog
 ///
 class wxEAPGeneralDialog;
 ///
 /// EAP top-most credential dialog
 ///
 class wxEAPCredentialsDialog;
 ///
 /// EAP general note
 ///
 class wxEAPNotePanel;
 ///
 /// EAP provider-locked congifuration note
 ///
@@ -56,6 +60,21 @@ class wxEAPProviderLockedPanel;
 ///
 class wxEAPCredentialWarningPanel;
 ///
 /// EAP Configuration window
 ///
 class wxEAPConfigWindow;
 ///
 /// EAP provider identity config panel
 ///
 class wxEAPProviderIdentityPanel;
 ///
 /// EAP provider configuration dialog
 ///
 class wxEAPConfigProvider;
 ///
 /// Base template for credential configuration panel
 ///
@@ -76,6 +95,11 @@ template <class _Tcred, class _Tbase> class wxPasswordCredentialsPanel;
 ///
 inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE hinst, PCWSTR pszName);
 ///
 /// Returns GUI displayable provider name
 ///
 inline wxString wxEAPGetProviderName(const std::wstring &id);
 #pragma once
 #include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision
@@ -128,10 +152,10 @@ public:
        // Set extra style here, as wxFormBuilder overrides all default flags.
        this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
-        for (std::list<eap::config_provider>::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) {
+        for (std::vector<eap::config_provider>::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) {
            bool is_single = provider->m_methods.size() == 1;
-            std::list<std::unique_ptr<eap::config_method> >::size_type count = 0;
+            std::vector<std::unique_ptr<eap::config_method> >::size_type count = 0;
-            std::list<std::unique_ptr<eap::config_method> >::iterator method = provider->m_methods.begin(), method_end = provider->m_methods.end();
+            std::vector<std::unique_ptr<eap::config_method> >::iterator method = provider->m_methods.begin(), method_end = provider->m_methods.end();
            for (; method != method_end; ++method, count++)
                m_providers->AddPage(
                    new _wxT(
@@ -139,7 +163,9 @@ public:
                        *method->get(),
                        provider->m_id.c_str(),
                        m_providers),
-                    is_single ? provider->m_id : winstd::tstring_printf(_T("%s (%u)"), provider->m_id.c_str(), count));
+                    is_single ?
                        wxEAPGetProviderName(provider->m_id) :
                        winstd::tstring_printf(_T("%s (%u)"), wxEAPGetProviderName(provider->m_id), count));
        }
        this->Layout();
@@ -151,6 +177,7 @@ public:
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event)
    {
        // Forward the event to child panels.
@@ -160,6 +187,22 @@ protected:
                prov->GetEventHandler()->ProcessEvent(event);
        }
    }
    virtual void OnUpdateUI(wxUpdateUIEvent& event)
    {
        UNREFERENCED_PARAMETER(event);
        m_advanced->Enable(!m_cfg.m_providers.at(m_providers->GetSelection()).m_read_only);
    }
    virtual void OnAdvanced(wxCommandEvent& event)
    {
        UNREFERENCED_PARAMETER(event);
        wxEAPConfigProvider dlg(m_cfg.m_providers.at(m_providers->GetSelection()), this);
        dlg.ShowModal();
    }
    /// \endcond
@@ -168,23 +211,38 @@ protected:
 };
-class wxEAPCredentialsDialog : public wxEAPCredentialsDialogBase
+class wxEAPGeneralDialog : public wxEAPGeneralDialogBase
 {
 public:
    ///
    /// Constructs a dialog
    ///
    wxEAPGeneralDialog(wxWindow* parent, const wxString& title = wxEmptyString);
    ///
    /// Adds panels to the dialog
    ///
    void AddContent(wxPanel **contents, size_t content_count);
    ///
    /// Adds single panel to the dialog
    ///
    void AddContent(wxPanel *content);
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event);
    /// \endcond
 };
 class wxEAPCredentialsDialog : public wxEAPGeneralDialog
 {
 public:
    ///
    /// Constructs a credential dialog
    ///
    wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent);
    ///
    /// Adds panels to the dialog
    ///
    void AddContents(wxPanel **contents, size_t content_count);
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event);
    /// \endcond
 };
@@ -265,6 +323,103 @@ protected:
 };
 class wxEAPConfigWindow : public wxScrolledWindow
 {
 public:
    ///
    /// Constructs a configuration window
    ///
    /// \param[in]    prov    Provider configuration data
    /// \param[inout] cfg     Configuration data
    /// \param[in]    parent  Parent window
    ///
    wxEAPConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent);
    ///
    /// Destructs the configuration window
    ///
    virtual ~wxEAPConfigWindow();
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event);
    virtual void OnUpdateUI(wxUpdateUIEvent& event);
    /// \endcond
 protected:
    const eap::config_provider &m_prov;     ///< EAP provider
    eap::config_method &m_cfg;              ///< Method configuration
 };
 class wxEAPProviderIdentityPanel : public wxEAPProviderIdentityPanelBase
 {
 public:
    ///
    /// Constructs a provider identity pannel
    ///
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    ///
    wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent);
    friend class wxEAPConfigProvider; // Allows direct setting of keyboard focus
 protected:
    /// \cond internal
    virtual bool TransferDataToWindow();
    virtual bool TransferDataFromWindow();
    /// \endcond
 protected:
    eap::config_provider &m_prov;   ///< EAP method configuration
    winstd::library m_shell32;      ///< shell32.dll resource library reference
    wxIcon m_icon;                  ///< Panel icon
 };
 class wxEAPProviderLockPanel : public wxEAPProviderLockPanelBase
 {
 public:
    ///
    /// Constructs a provider lock pannel
    ///
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    ///
    wxEAPProviderLockPanel(eap::config_provider &prov, wxWindow* parent);
 protected:
    /// \cond internal
    virtual bool TransferDataToWindow();
    virtual bool TransferDataFromWindow();
    /// \endcond
 protected:
    eap::config_provider &m_prov;   ///< EAP method configuration
    winstd::library m_shell32;      ///< shell32.dll resource library reference
    wxIcon m_icon;                  ///< Panel icon
 };
 class wxEAPConfigProvider : public wxEAPGeneralDialog
 {
 public:
    ///
    /// Constructs a provider config dialog
    ///
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    ///
    wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent);
 protected:
    eap::config_provider &m_prov;           ///< EAP method configuration
    wxEAPProviderIdentityPanel *m_identity; ///< Provider identity panel
    wxEAPProviderLockPanel *m_lock;         ///< Provider lock panel
 };
 template <class _Tcred, class _wxT>
 class wxEAPCredentialsConfigPanel : public wxEAPCredentialsConfigPanelBase
 {
@@ -289,6 +444,14 @@ public:
            wxSetIconFromResource(m_credentials_icon, m_icon, m_shell32, MAKEINTRESOURCE(/*16770*/269));
    }
    ///
    /// Sets keyboard focus to the first control that do not capture mouse wheel
    ///
    inline void SetFocusFromKbd()
    {
        m_own->SetFocusFromKbd();
    }
 protected:
    /// \cond internal
@@ -402,7 +565,7 @@ protected:
        // Display credential prompt.
        wxEAPCredentialsDialog dlg(m_prov, this);
        _wxT *panel = new _wxT(m_prov, m_cfg, cred, m_target.c_str(), &dlg, true);
-        dlg.AddContents((wxPanel**)&panel, 1);
+        dlg.AddContent(panel);
        if (dlg.ShowModal() == wxID_OK && panel->GetRememberValue()) {
            // Write credentials to credential manager.
            try {
@@ -433,21 +596,21 @@ protected:
        _wxT *panel = new _wxT(m_prov, m_cfg, m_cred, _T(""), &dlg, true);
-        dlg.AddContents((wxPanel**)&panel, 1);
+        dlg.AddContent(panel);
        dlg.ShowModal();
    }
    /// \endcond
 protected:
-    const eap::config_provider &m_prov;             ///< EAP provider
+    const eap::config_provider &m_prov;     ///< EAP provider
    eap::config_method_with_cred &m_cfg;    ///< EAP method configuration
-    winstd::library m_shell32;                      ///< shell32.dll resource library reference
+    winstd::library m_shell32;              ///< shell32.dll resource library reference
-    wxIcon m_icon;                                  ///< Panel icon
+    wxIcon m_icon;                          ///< Panel icon
-    winstd::tstring m_target;                       ///< Credential Manager target
+    winstd::tstring m_target;               ///< Credential Manager target
 private:
-    _Tcred m_cred;                                  ///< Temporary credential data
+    _Tcred m_cred;                          ///< Temporary credential data
 };
@@ -486,6 +649,11 @@ public:
        this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(_Tthis::OnUpdateUI));
    }
    inline void SetRememberValue(bool val)
    {
        return m_remember->SetValue(val);
    }
    inline bool GetRememberValue() const
    {
        return m_remember->GetValue();
@@ -576,12 +744,12 @@ protected:
        m_identity->SetSelection(0, -1);
        m_password->SetValue(m_cred.m_password.empty() ? wxEmptyString : s_dummy_password);
-        return wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::TransferDataToWindow();
+        return wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::TransferDataToWindow();
    }
    virtual bool TransferDataFromWindow()
    {
-        if (!wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::TransferDataFromWindow())
+        if (!wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::TransferDataFromWindow())
            return false;
        m_cred.m_identity = m_identity->GetValue();
@@ -604,7 +772,7 @@ protected:
            m_password      ->Enable(false);
        }
-        wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::OnUpdateUI(event);
+        wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::OnUpdateUI(event);
    }
    /// \endcond
@@ -633,3 +801,10 @@ inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE h
    } else
        return false;
 }
 inline wxString wxEAPGetProviderName(const std::wstring &id)
 {
    return
        !id.empty() ? id : _("<Your Organization>");
 }
--- a/lib/EAPBase_UI/res/wxEAP_UI.cpp
+++ b/lib/EAPBase_UI/res/wxEAP_UI.cpp
@@ -28,6 +28,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	sb_content->Add( m_providers, 1, wxEXPAND|wxALL, 10 );
 	wxBoxSizer* sb_bottom_horiz;
 	sb_bottom_horiz = new wxBoxSizer( wxHORIZONTAL );
 	wxBoxSizer* sb_bottom_horiz_inner;
 	sb_bottom_horiz_inner = new wxBoxSizer( wxHORIZONTAL );
 	m_advanced = new wxButton( this, wxID_ANY, _("Advanced..."), wxDefaultPosition, wxDefaultSize, 0 );
 	m_advanced->SetToolTip( _("Opens dialog with provider settings") );
 	sb_bottom_horiz_inner->Add( m_advanced, 0, wxALL, 5 );
 	sb_bottom_horiz->Add( sb_bottom_horiz_inner, 1, wxEXPAND, 5 );
 	m_buttons = new wxStdDialogButtonSizer();
 	m_buttonsOK = new wxButton( this, wxID_OK );
 	m_buttons->AddButton( m_buttonsOK );
@@ -35,7 +49,10 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	m_buttons->AddButton( m_buttonsCancel );
 	m_buttons->Realize();
-	sb_content->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
+	sb_bottom_horiz->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
 	sb_content->Add( sb_bottom_horiz, 0, wxEXPAND, 5 );
 	this->SetSizer( sb_content );
@@ -44,16 +61,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	// Connect Events
 	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
 	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
 	m_advanced->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
 }
 wxEAPConfigDialogBase::~wxEAPConfigDialogBase()
 {
 	// Disconnect Events
 	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
 	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
 	m_advanced->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
 }
-wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
+wxEAPGeneralDialogBase::wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
 {
 	this->SetSizeHints( wxDefaultSize, wxDefaultSize );
@@ -84,13 +105,13 @@ wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWind
 	sb_content->Fit( this );
 	// Connect Events
-	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) );
+	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
 }
-wxEAPCredentialsDialogBase::~wxEAPCredentialsDialogBase()
+wxEAPGeneralDialogBase::~wxEAPGeneralDialogBase()
 {
 	// Disconnect Events
-	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) );
+	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
 }
@@ -99,20 +120,20 @@ wxEAPBannerPanelBase::wxEAPBannerPanelBase( wxWindow* parent, wxWindowID id, con
 	this->SetBackgroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHT ) );
 	this->SetMinSize( wxSize( -1,48 ) );
-	wxBoxSizer* sc_content;
+	wxBoxSizer* sb_content;
-	sc_content = new wxBoxSizer( wxVERTICAL );
+	sb_content = new wxBoxSizer( wxVERTICAL );
 	m_title = new wxStaticText( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxALIGN_RIGHT );
 	m_title->Wrap( -1 );
 	m_title->SetFont( wxFont( 18, 70, 90, 90, false, wxEmptyString ) );
 	m_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHTTEXT ) );
-	sc_content->Add( m_title, 0, wxALL|wxEXPAND, 5 );
+	sb_content->Add( m_title, 0, wxALL|wxEXPAND, 5 );
-	this->SetSizer( sc_content );
+	this->SetSizer( sb_content );
 	this->Layout();
-	sc_content->Fit( this );
+	sb_content->Fit( this );
 }
 wxEAPBannerPanelBase::~wxEAPBannerPanelBase()
@@ -269,7 +290,7 @@ wxEAPCredentialsConfigPanelBase::~wxEAPCredentialsConfigPanelBase()
 }
-wxEAPCredentialsPanelPassBase::wxEAPCredentialsPanelPassBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
+wxEAPCredentialsPassPanelBase::wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_credentials;
 	sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Client Credentials") ), wxVERTICAL );
@@ -330,6 +351,168 @@ wxEAPCredentialsPanelPassBase::wxEAPCredentialsPanelPassBase( wxWindow* parent,
 	this->Layout();
 }
-wxEAPCredentialsPanelPassBase::~wxEAPCredentialsPanelPassBase()
+wxEAPCredentialsPassPanelBase::~wxEAPCredentialsPassPanelBase()
 {
 }
 wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_provider_id;
 	sb_provider_id = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Your Organization") ), wxVERTICAL );
 	wxBoxSizer* sb_provider_id_horiz;
 	sb_provider_id_horiz = new wxBoxSizer( wxHORIZONTAL );
 	m_provider_id_icon = new wxStaticBitmap( sb_provider_id->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
 	sb_provider_id_horiz->Add( m_provider_id_icon, 0, wxALL, 5 );
 	wxBoxSizer* sb_provider_id_vert;
 	sb_provider_id_vert = new wxBoxSizer( wxVERTICAL );
 	m_provider_id_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Describe your organization to customize user prompts.  When organization is introduced, end-users find program messages easier to understand and act."), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_id_label->Wrap( 446 );
 	sb_provider_id_vert->Add( m_provider_id_label, 0, wxALL|wxEXPAND, 5 );
 	wxBoxSizer* sb_provider_name;
 	sb_provider_name = new wxBoxSizer( wxVERTICAL );
 	m_provider_name_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Your organization &name:"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_name_label->Wrap( -1 );
 	sb_provider_name->Add( m_provider_name_label, 0, wxBOTTOM, 5 );
 	m_provider_name = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_name->SetToolTip( _("Your organization name as it will appear on helpdesk contact notifications") );
 	sb_provider_name->Add( m_provider_name, 0, wxEXPAND|wxBOTTOM, 5 );
 	m_provider_name_note = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("(Keep it short, please)"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_name_note->Wrap( -1 );
 	sb_provider_name->Add( m_provider_name_note, 0, wxALIGN_RIGHT, 5 );
 	sb_provider_id_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
 	wxBoxSizer* sb_provider_helpdesk;
 	sb_provider_helpdesk = new wxBoxSizer( wxVERTICAL );
 	m_provider_helpdesk_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Helpdesk contact &information:"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_helpdesk_label->Wrap( -1 );
 	sb_provider_helpdesk->Add( m_provider_helpdesk_label, 0, wxBOTTOM, 5 );
 	wxFlexGridSizer* sb_provider_helpdesk_inner;
 	sb_provider_helpdesk_inner = new wxFlexGridSizer( 0, 2, 0, 0 );
 	sb_provider_helpdesk_inner->AddGrowableCol( 1 );
 	sb_provider_helpdesk_inner->SetFlexibleDirection( wxBOTH );
 	sb_provider_helpdesk_inner->SetNonFlexibleGrowMode( wxFLEX_GROWMODE_SPECIFIED );
 	m_provider_web_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("¶"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_web_icon->Wrap( -1 );
 	m_provider_web_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
 	m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_web->SetToolTip( _("Your helpdesk website") );
 	sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
 	m_provider_email_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("*"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_email_icon->Wrap( -1 );
 	m_provider_email_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_email_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
 	m_provider_email = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_email->SetToolTip( _("Your helpdesk e-mail address") );
 	sb_provider_helpdesk_inner->Add( m_provider_email, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
 	m_provider_phone_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _(")"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_phone_icon->Wrap( -1 );
 	m_provider_phone_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_phone_icon, 0, wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 );
 	m_provider_phone = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_phone->SetToolTip( _("Your helpdesk phone number") );
 	sb_provider_helpdesk_inner->Add( m_provider_phone, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL, 5 );
 	sb_provider_helpdesk->Add( sb_provider_helpdesk_inner, 1, wxEXPAND, 5 );
 	sb_provider_id_vert->Add( sb_provider_helpdesk, 1, wxEXPAND, 5 );
 	sb_provider_id_horiz->Add( sb_provider_id_vert, 1, wxEXPAND, 5 );
 	sb_provider_id->Add( sb_provider_id_horiz, 1, wxEXPAND, 5 );
 	this->SetSizer( sb_provider_id );
 	this->Layout();
 	// Connect Events
 	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
 }
 wxEAPProviderIdentityPanelBase::~wxEAPProviderIdentityPanelBase()
 {
 	// Disconnect Events
 	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
 }
 wxEAPProviderLockPanelBase::wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_provider_lock;
 	sb_provider_lock = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Configuration Lock") ), wxVERTICAL );
 	wxBoxSizer* sb_provider_lock_horiz;
 	sb_provider_lock_horiz = new wxBoxSizer( wxHORIZONTAL );
 	m_provider_lock_icon = new wxStaticBitmap( sb_provider_lock->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
 	sb_provider_lock_horiz->Add( m_provider_lock_icon, 0, wxALL, 5 );
 	wxBoxSizer* sb_provider_lock_vert;
 	sb_provider_lock_vert = new wxBoxSizer( wxVERTICAL );
 	m_provider_lock_label = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_lock_label->Wrap( 446 );
 	sb_provider_lock_vert->Add( m_provider_lock_label, 0, wxALL|wxEXPAND, 5 );
 	wxBoxSizer* sb_provider_name;
 	sb_provider_name = new wxBoxSizer( wxVERTICAL );
 	m_provider_lock = new wxCheckBox( sb_provider_lock->GetStaticBox(), wxID_ANY, _("&Lock this configuration and prevent any further modification via user interface."), wxDefaultPosition, wxDefaultSize, 0 );
 	sb_provider_name->Add( m_provider_lock, 0, wxEXPAND|wxBOTTOM, 5 );
 	m_provider_lock_note = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("(Warning: Once locked, you can not revert using this dialog!)"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_lock_note->Wrap( -1 );
 	sb_provider_name->Add( m_provider_lock_note, 0, wxALIGN_RIGHT, 5 );
 	sb_provider_lock_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
 	sb_provider_lock_horiz->Add( sb_provider_lock_vert, 1, wxEXPAND, 5 );
 	sb_provider_lock->Add( sb_provider_lock_horiz, 1, wxEXPAND, 5 );
 	this->SetSizer( sb_provider_lock );
 	this->Layout();
 	// Connect Events
 	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
 }
 wxEAPProviderLockPanelBase::~wxEAPProviderLockPanelBase()
 {
 	// Disconnect Events
 	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
 }
--- a/lib/EAPBase_UI/res/wxEAP_UI.fbp
+++ b/lib/EAPBase_UI/res/wxEAP_UI.fbp
--- a/lib/EAPBase_UI/res/wxEAP_UI.h
+++ b/lib/EAPBase_UI/res/wxEAP_UI.h
@@ -18,8 +18,8 @@ class wxEAPBannerPanel;
 #include <wx/settings.h>
 #include <wx/string.h>
 #include <wx/notebook.h>
 #include <wx/sizer.h>
 #include <wx/button.h>
 #include <wx/sizer.h>
 #include <wx/dialog.h>
 #include <wx/stattext.h>
 #include <wx/panel.h>
@@ -44,12 +44,15 @@ class wxEAPConfigDialogBase : public wxDialog
 	protected:
 		wxEAPBannerPanel *m_banner;
 		wxNotebook* m_providers;
 		wxButton* m_advanced;
 		wxStdDialogButtonSizer* m_buttons;
 		wxButton* m_buttonsOK;
 		wxButton* m_buttonsCancel;
 		// Virtual event handlers, overide them in your derived class
 		virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); }
 		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
 		virtual void OnAdvanced( wxCommandEvent& event ) { event.Skip(); }
 	public:
@@ -60,9 +63,9 @@ class wxEAPConfigDialogBase : public wxDialog
 };
 ///////////////////////////////////////////////////////////////////////////////
-/// Class wxEAPCredentialsDialogBase
+/// Class wxEAPGeneralDialogBase
 ///////////////////////////////////////////////////////////////////////////////
-class wxEAPCredentialsDialogBase : public wxDialog 
+class wxEAPGeneralDialogBase : public wxDialog 
 {
 	private:
@@ -79,8 +82,8 @@ class wxEAPCredentialsDialogBase : public wxDialog
 	public:
-		wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("EAP Credentials"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); 
+		wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = wxEmptyString, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); 
-		~wxEAPCredentialsDialogBase();
+		~wxEAPGeneralDialogBase();
 };
@@ -153,9 +156,9 @@ class wxEAPCredentialsConfigPanelBase : public wxPanel
 };
 ///////////////////////////////////////////////////////////////////////////////
-/// Class wxEAPCredentialsPanelPassBase
+/// Class wxEAPCredentialsPassPanelBase
 ///////////////////////////////////////////////////////////////////////////////
-class wxEAPCredentialsPanelPassBase : public wxPanel 
+class wxEAPCredentialsPassPanelBase : public wxPanel 
 {
 	private:
@@ -170,8 +173,64 @@ class wxEAPCredentialsPanelPassBase : public wxPanel
 	public:
-		wxEAPCredentialsPanelPassBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
+		wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
-		~wxEAPCredentialsPanelPassBase();
+		~wxEAPCredentialsPassPanelBase();
 };
 ///////////////////////////////////////////////////////////////////////////////
 /// Class wxEAPProviderIdentityPanelBase
 ///////////////////////////////////////////////////////////////////////////////
 class wxEAPProviderIdentityPanelBase : public wxPanel 
 {
 	private:
 	protected:
 		wxStaticBitmap* m_provider_id_icon;
 		wxStaticText* m_provider_id_label;
 		wxStaticText* m_provider_name_label;
 		wxTextCtrl* m_provider_name;
 		wxStaticText* m_provider_name_note;
 		wxStaticText* m_provider_helpdesk_label;
 		wxStaticText* m_provider_web_icon;
 		wxTextCtrl* m_provider_web;
 		wxStaticText* m_provider_email_icon;
 		wxTextCtrl* m_provider_email;
 		wxStaticText* m_provider_phone_icon;
 		wxTextCtrl* m_provider_phone;
 		// Virtual event handlers, overide them in your derived class
 		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
 	public:
 		wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
 		~wxEAPProviderIdentityPanelBase();
 };
 ///////////////////////////////////////////////////////////////////////////////
 /// Class wxEAPProviderLockPanelBase
 ///////////////////////////////////////////////////////////////////////////////
 class wxEAPProviderLockPanelBase : public wxPanel 
 {
 	private:
 	protected:
 		wxStaticBitmap* m_provider_lock_icon;
 		wxStaticText* m_provider_lock_label;
 		wxCheckBox* m_provider_lock;
 		wxStaticText* m_provider_lock_note;
 		// Virtual event handlers, overide them in your derived class
 		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
 	public:
 		wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
 		~wxEAPProviderLockPanelBase();
 };
--- a/lib/EAPBase_UI/src/EAP_UI.cpp
+++ b/lib/EAPBase_UI/src/EAP_UI.cpp
@@ -38,22 +38,19 @@ bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
 //////////////////////////////////////////////////////////////////////
-// wxEAPCredentialsDialog
+// wxEAPGeneralDialog
 //////////////////////////////////////////////////////////////////////
-wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPCredentialsDialogBase(parent)
+wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow* parent, const wxString& title) : wxEAPGeneralDialogBase(parent, wxID_ANY, title)
 {
    // Set extra style here, as wxFormBuilder overrides all default flags.
    this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
    // Set banner title.
    m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), prov.m_id.c_str()));
    m_buttonsOK->SetDefault();
 }
-void wxEAPCredentialsDialog::AddContents(wxPanel **contents, size_t content_count)
+void wxEAPGeneralDialog::AddContent(wxPanel **contents, size_t content_count)
 {
    if (content_count) {
        for (size_t i = 0; i < content_count; i++)
@@ -66,13 +63,30 @@ void wxEAPCredentialsDialog::AddContents(wxPanel **contents, size_t content_coun
 }
-void wxEAPCredentialsDialog::OnInitDialog(wxInitDialogEvent& event)
+void wxEAPGeneralDialog::AddContent(wxPanel *content)
 {
    AddContent(&content, 1);
 }
 void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
 {
    for (wxSizerItemList::compatibility_iterator panel = m_panels->GetChildren().GetFirst(); panel; panel = panel->GetNext())
        panel->GetData()->GetWindow()->GetEventHandler()->ProcessEvent(event);
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPCredentialsDialog
 //////////////////////////////////////////////////////////////////////
 wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPGeneralDialog(parent, _("EAP Credentials"))
 {
    // Set banner title.
    m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPNotePanel
 //////////////////////////////////////////////////////////////////////
@@ -182,10 +196,150 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi
    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
        wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161));
-    m_note_label->SetLabel(_("Previous attempt to connect using provided credentials failed. Please, make sure your credentials are correct, or try again later."));
+    m_note_label->SetLabel(_("Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."));
    m_note_label->Wrap(449);
    CreateContactFields(prov);
    this->Layout();
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPConfigWindow
 //////////////////////////////////////////////////////////////////////
 wxEAPConfigWindow::wxEAPConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) :
    m_prov(prov),
    m_cfg(cfg),
    wxScrolledWindow(parent, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxVSCROLL)
 {
    this->SetScrollRate(5, 5);
    // Connect Events
    this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
    this->Connect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
 }
 wxEAPConfigWindow::~wxEAPConfigWindow()
 {
    // Disconnect Events
    this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
    this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
 }
 void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& event)
 {
    UNREFERENCED_PARAMETER(event);
    // Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that.
    TransferDataToWindow();
 }
 void wxEAPConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
 {
    UNREFERENCED_PARAMETER(event);
    if (m_parent && m_parent->IsKindOf(wxCLASSINFO(wxNotebook))) {
        // We're a notebook page. Set the ID of our provider as our page label.
        wxNotebook *notebook = (wxNotebook*)m_parent;
        int idx = notebook->FindPage(this);
        if (idx != wxNOT_FOUND)
            notebook->SetPageText(idx, wxEAPGetProviderName(m_prov.m_id));
    } else
        this->SetLabel(wxEAPGetProviderName(m_prov.m_id));
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPProviderIdentityPanel
 //////////////////////////////////////////////////////////////////////
 wxEAPProviderIdentityPanel::wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent) :
    m_prov(prov),
    wxEAPProviderIdentityPanelBase(parent)
 {
    // Load and set icon.
    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
        wxSetIconFromResource(m_provider_id_icon, m_icon, m_shell32, MAKEINTRESOURCE(259));
 }
 bool wxEAPProviderIdentityPanel::TransferDataToWindow()
 {
    m_provider_name ->SetValue(m_prov.m_id        );
    m_provider_web  ->SetValue(m_prov.m_help_web  );
    m_provider_email->SetValue(m_prov.m_help_email);
    m_provider_phone->SetValue(m_prov.m_help_phone);
    return wxEAPProviderIdentityPanelBase::TransferDataToWindow();
 }
 bool wxEAPProviderIdentityPanel::TransferDataFromWindow()
 {
    wxCHECK(wxEAPProviderIdentityPanelBase::TransferDataFromWindow(), false);
    m_prov.m_id         = m_provider_name ->GetValue();
    m_prov.m_help_web   = m_provider_web  ->GetValue();
    m_prov.m_help_email = m_provider_email->GetValue();
    m_prov.m_help_phone = m_provider_phone->GetValue();
    return true;
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPProviderLockPanel
 //////////////////////////////////////////////////////////////////////
 wxEAPProviderLockPanel::wxEAPProviderLockPanel(eap::config_provider &prov, wxWindow* parent) :
    m_prov(prov),
    wxEAPProviderLockPanelBase(parent)
 {
    // Load and set icon.
    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
        wxSetIconFromResource(m_provider_lock_icon, m_icon, m_shell32, MAKEINTRESOURCE(1003));
 }
 bool wxEAPProviderLockPanel::TransferDataToWindow()
 {
    m_provider_lock->SetValue(m_prov.m_read_only);
    return wxEAPProviderLockPanelBase::TransferDataToWindow();
 }
 bool wxEAPProviderLockPanel::TransferDataFromWindow()
 {
    wxCHECK(wxEAPProviderLockPanelBase::TransferDataFromWindow(), false);
    m_prov.m_read_only = m_provider_lock->GetValue();
    return true;
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPConfigProvider
 //////////////////////////////////////////////////////////////////////
 wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent) :
    m_prov(prov),
    wxEAPGeneralDialog(parent, _("Provider Settings"))
 {
    // Set banner title.
    m_banner->m_title->SetLabel(_("Provider Settings"));
    m_identity = new wxEAPProviderIdentityPanel(prov, this);
    AddContent(m_identity);
    m_lock = new wxEAPProviderLockPanel(prov, this);
    AddContent(m_lock);
    m_identity->m_provider_name->SetFocusFromKbd();
 }
--- a/lib/Events/res/EventsETW.man
+++ b/lib/Events/res/EventsETW.man
--- a/lib/PAP/include/Credentials.h
+++ b/lib/PAP/include/Credentials.h
@@ -113,7 +113,7 @@ namespace eap
        /// - \c true  if credentials were set;
        /// - \c false otherwise
        ///
-        bool combine(
+        source_t combine(
            _In_       const credentials_pap   *cred_cached,
            _In_       const config_method_pap &cfg,
            _In_opt_z_       LPCTSTR           pszTargetName);
--- a/lib/PAP/src/Credentials.cpp
+++ b/lib/PAP/src/Credentials.cpp
@@ -75,7 +75,7 @@ LPCTSTR eap::credentials_pap::target_suffix() const
 }
-bool eap::credentials_pap::combine(
+eap::credentials::source_t eap::credentials_pap::combine(
    _In_       const credentials_pap   *cred_cached,
    _In_       const config_method_pap &cfg,
    _In_opt_z_       LPCTSTR           pszTargetName)
@@ -84,14 +84,14 @@ bool eap::credentials_pap::combine(
        // Using EAP service cached credentials.
        *this = *cred_cached;
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
-        return true;
+        return source_cache;
    }
    if (cfg.m_use_preshared) {
        // Using preshared credentials.
        *this = *(credentials_pap*)cfg.m_preshared.get();
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
-        return true;
+        return source_preshared;
    }
    if (pszTargetName) {
@@ -102,11 +102,11 @@ bool eap::credentials_pap::combine(
            // Using stored credentials.
            *this = std::move(cred_loaded);
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
-            return true;
+            return source_storage;
        } catch (...) {
            // Not actually an error.
        }
    }
-    return false;
+    return source_unknown;
 }
--- a/lib/PAP_UI/include/PAP_UI.h
+++ b/lib/PAP_UI/include/PAP_UI.h
@@ -25,7 +25,7 @@
 ///
 /// PAP credential configuration panel
 ///
-typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPanelPassBase> > wxPAPCredentialsConfigPanel;
+typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> > wxPAPCredentialsConfigPanel;
 ///
 /// PAP configuration panel
@@ -35,7 +35,7 @@ class wxPAPConfigPanel;
 ///
 /// PAP credential entry panel
 ///
-typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPanelPassBase> wxPAPCredentialsPanel;
+typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> wxPAPCredentialsPanel;
 #pragma once
--- a/lib/TLS/include/Config.h
+++ b/lib/TLS/include/Config.h
@@ -167,10 +167,6 @@ namespace eap
    public:
        std::list<winstd::cert_context> m_trusted_root_ca;  ///< Trusted root CAs
-        std::list<std::string> m_server_names;              ///< Acceptable authenticating server names
+        std::list<std::wstring> m_server_names;             ///< Acceptable authenticating server names
        // Following members are used for session resumptions. They are not exported/imported to XML.
        sanitizing_blob m_session_id;                       ///< TLS session ID
        tls_master_secret m_master_secret;                  ///< TLS master secret
    };
 }
--- a/lib/TLS/include/Credentials.h
+++ b/lib/TLS/include/Credentials.h
@@ -200,7 +200,7 @@ namespace eap
        /// - \c true  if credentials were set;
        /// - \c false otherwise
        ///
-        bool combine(
+        source_t combine(
            _In_       const credentials_tls   *cred_cached,
            _In_       const config_method_tls &cfg,
            _In_opt_z_       LPCTSTR           pszTargetName);
--- a/lib/TLS/include/Method.h
+++ b/lib/TLS/include/Method.h
@@ -36,6 +36,7 @@ namespace eap
 #include "../../EAPBase/include/Method.h"
 #include <WinStd/Crypt.h>
 #include <WinStd/Sec.h>
 #include <list>
 #include <vector>
@@ -127,19 +128,6 @@ namespace eap
            std::vector<unsigned char> m_data;          ///< Packet data
        };
 #pragma pack(push)
 #pragma pack(1)
        ///
        /// TLS message
        ///
        struct message_header
        {
            tls_message_type_t type;    ///< Message type (one of `message_type_t` constants)
            tls_version version;        ///< SSL/TLS version
            unsigned char length[2];    ///< Message length (in network byte order)
        };
 #pragma pack(pop)
    public:
        ///
        /// Constructs an EAP method
@@ -216,278 +204,30 @@ namespace eap
        /// @}
    protected:
-        /// \name Client handshake message generation
+        ///
-        /// @{
+        /// Process handshake
        ///
        void process_handshake();
        ///
-        /// Makes a TLS client hello message
+        /// Process application data
        ///
-        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.1.2. Client Hello)](https://tools.ietf.org/html/rfc5246#section-7.4.1.2)
+        void process_application_data();
        ///
        /// \returns Client hello message
        ///
        sanitizing_blob make_client_hello();
        ///
-        /// Makes a TLS client certificate message
+        /// Processes an application message
        ///
-        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.6. Client Certificate)](https://tools.ietf.org/html/rfc5246#section-7.4.6)
+        /// \param[in] msg       Application message data
        /// \param[in] size_msg  Application message data size
        ///
-        /// \returns Client certificate message
+        virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
        ///
        sanitizing_blob make_client_cert() const;
        ///
        /// Makes a TLS client key exchange message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7. Client Key Exchange Message )](https://tools.ietf.org/html/rfc5246#section-7.4.7)
        ///
        /// \param[in] pms  Pre-master secret
        ///
        /// \returns Client key exchange message
        ///
        sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const;
        ///
        /// Makes a TLS change cipher spec message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
        ///
        /// \returns Change cipher spec
        ///
        eap::sanitizing_blob make_change_chiper_spec() const;
        ///
        /// Makes a TLS finished message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
        ///
        /// \returns Change cipher spec
        ///
        eap::sanitizing_blob make_finished() const;
        /// @}
        /// \name Client/Server handshake hashing
        /// @{
        ///
        /// Hashes handshake message for "finished" message validation.
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
        ///
        /// \param[in] data  Data to hash
        /// \param[in] size  \p data size in bytes
        ///
        inline void hash_handshake(_In_count_(size) const void *data, _In_ size_t size)
        {
            CryptHashData(m_hash_handshake_msgs_md5   , (const BYTE*)data, (DWORD)size, 0);
            CryptHashData(m_hash_handshake_msgs_sha1  , (const BYTE*)data, (DWORD)size, 0);
            CryptHashData(m_hash_handshake_msgs_sha256, (const BYTE*)data, (DWORD)size, 0);
        }
        ///
        /// Hashes handshake message for "finished" message validation.
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
        ///
        /// \param[in] data  Data to hash
        /// \param[in] size  \p data size in bytes
        ///
        template<class _Ty, class _Ax>
        inline void hash_handshake(_In_ const std::vector<_Ty, _Ax> &data)
        {
            hash_handshake(data.data(), data.size() * sizeof(_Ty));
        }
        /// @}
        ///
        /// Makes a TLS message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
        ///
        /// \param[in]    type  Message type
        /// \param[inout] data  Message data contents
        ///
        /// \returns TLS message message
        ///
        eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &&data);
        /// @}
        /// \name Key derivation
        /// @{
        ///
        /// Generates master session key
        ///
        /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
        ///
        virtual void derive_msk();
        /// @}
        /// \name Server message processing
        /// @{
        ///
        /// Processes messages in a TLS packet
        ///
        /// \param[in] pck       Packet data
        /// \param[in] size_pck  \p pck size in bytes
        ///
        void process_packet(_In_bytecount_(size_pck) const void *pck, _In_ size_t size_pck);
        ///
        /// Processes a TLS change_cipher_spec message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.1. Change Cipher Spec Protocol)](https://tools.ietf.org/html/rfc5246#section-7.1)
        ///
        /// \param[in] msg       TLS change_cipher_spec message data
        /// \param[in] msg_size  TLS change_cipher_spec message data size
        ///
        virtual void process_change_cipher_spec(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
        ///
        /// Processes a TLS alert message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
        ///
        /// \param[in] msg       TLS alert message data
        /// \param[in] msg_size  TLS alert message data size
        ///
        virtual void process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
        ///
        /// Processes a TLS handshake message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4. Handshake Protocol)](https://tools.ietf.org/html/rfc5246#section-7.4)
        ///
        /// \param[in] msg       TLS handshake message data
        /// \param[in] msg_size  TLS handshake message data size
        ///
        virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
        ///
        /// Processes a TLS application_data message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 10. Application Data Protocol)](https://tools.ietf.org/html/rfc5246#section-10)
        ///
        /// \param[in] msg       TLS application_data message data
        /// \param[in] msg_size  TLS application_data message data size
        ///
        virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
        /////
        ///// Processes a vendor-specific TLS message
        /////
        ///// \note Please see `m_cipher_spec` member if the message data came encrypted.
        /////
        ///// \param[in] type      TLS message type
        ///// \param[in] msg       TLS message data
        ///// \param[in] msg_size  TLS message data size
        /////
        //virtual void process_vendor_data(_In_ tls_message_type_t type, _In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
        /// @}
 #ifndef SCHANNEL_SRV_CERT_CHECK
        ///
        /// Verifies server's certificate if trusted by configuration
        ///
        void verify_server_trust() const;
-
+#endif
        /// \name Encryption
        /// @{
        ///
        /// Encrypt TLS message
        ///
        /// \param[in]    type  Message type
        /// \param[inout] data  TLS message to encrypt
        ///
        void encrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
        ///
        /// Decrypt TLS message
        ///
        /// \param[in]    type  Original message type for HMAC verification
        /// \param[inout] data  TLS message to decrypt
        ///
        void decrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
        /// @}
        /// \name Pseudo-random generation
        /// @{
        ///
        /// Calculates pseudo-random P_hash data defined in RFC 5246
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
        ///
        /// \param[in] cp         Handle of the cryptographics provider
        /// \param[in] alg        Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
        /// \param[in] secret     Hashing secret key
        /// \param[in] seed       Random seed
        /// \param[in] size_seed  \p seed size
        /// \param[in] size       Number of bytes of pseudo-random data required
        ///
        /// \returns Generated pseudo-random data (\p size bytes)
        ///
        static sanitizing_blob prf(
            _In_                            HCRYPTPROV        cp,
            _In_                            ALG_ID            alg,
            _In_                      const tls_master_secret &secret,
            _In_bytecount_(size_seed) const void              *seed,
            _In_                            size_t            size_seed,
            _In_                            size_t            size);
        ///
        /// Calculates pseudo-random P_hash data defined in RFC 5246
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
        ///
        /// \param[in] cp      Handle of the cryptographics provider
        /// \param[in] alg     Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
        /// \param[in] secret  Hashing secret key
        /// \param[in] seed    Random seed
        /// \param[in] size    Number of bytes of pseudo-random data required
        ///
        /// \returns Generated pseudo-random data (\p size bytes)
        ///
        template<class _Ty, class _Ax>
        inline static sanitizing_blob prf(
            _In_       HCRYPTPROV            cp,
            _In_       ALG_ID                alg,
            _In_ const tls_master_secret     &secret,
            _In_ const std::vector<_Ty, _Ax> &seed,
            _In_       size_t                size)
        {
            return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size);
        }
        /// @}
        ///
        /// Creates a key
        ///
        /// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786)
        ///
        /// \param[in] alg          Key algorithm
        /// \param[in] key          Key that decrypts \p secret
        /// \param[in] secret       Key data
        /// \param[in] size_secret  \p secret size
        ///
        /// \returns Key
        ///
        HCRYPTKEY create_key(
            _In_                              ALG_ID    alg,
            _In_                              HCRYPTKEY key,
            _In_bytecount_(size_secret) const void      *secret,
            _In_                              size_t    size_secret);
    protected:
        credentials_tls &m_cred;                                ///< EAP-TLS user credentials
@@ -495,39 +235,19 @@ namespace eap
        packet m_packet_req;                                    ///< Request packet
        packet m_packet_res;                                    ///< Response packet
-        winstd::crypt_prov m_cp;                                ///< Cryptography provider for general services
+        HANDLE m_user_ctx;                                      ///< Handle to user context
-        winstd::crypt_prov m_cp_enc;                            ///< Cryptography provider for encryption
+        winstd::tstring m_sc_target_name;                       ///< Schannel target name
-        winstd::crypt_key m_key_exp1;                           ///< Key for importing derived keys
+        winstd::sec_credentials m_sc_cred;                      ///< Schannel client credentials
        std::vector<unsigned char> m_sc_queue;                  ///< TLS data queue
        winstd::sec_context m_sc_ctx;                           ///< Schannel context
-        tls_version m_tls_version;                              ///< TLS version in use
+        enum {
-        ALG_ID m_alg_prf;                                       ///< Pseudo-random function algorithm in use
+            phase_unknown = -1,                                 ///< Unknown phase
-
+            phase_handshake_init = 0,                           ///< Handshake initialize
-        tls_conn_state m_state_client;                          ///< Client TLS connection state
+            phase_handshake_cont,                               ///< Handshake continue
-        tls_conn_state m_state_client_pending;                  ///< Client TLS connection state (pending)
+            phase_application_data,                             ///< Exchange application data
-        tls_conn_state m_state_server;                          ///< Server TLS connection state
+            phase_shutdown,                                     ///< Connection shut down
-        tls_conn_state m_state_server_pending;                  ///< Server TLS connection state (pending)
+        } m_phase;                                              ///< What phase is our communication at?
        tls_master_secret m_master_secret;                      ///< TLS master secret
        tls_random m_random_client;                             ///< Client random
        tls_random m_random_server;                             ///< Server random
        tls_random m_key_mppe_client;                           ///< MS-MPPE-Recv-Key
        tls_random m_key_mppe_server;                           ///< MS-MPPE-Send-Key
        sanitizing_blob m_session_id;                           ///< TLS session ID
        std::list<winstd::cert_context> m_server_cert_chain;    ///< Server certificate chain
        winstd::crypt_hash m_hash_handshake_msgs_md5;           ///< Running MD5 hash of handshake messages
        winstd::crypt_hash m_hash_handshake_msgs_sha1;          ///< Running SHA-1 hash of handshake messages
        winstd::crypt_hash m_hash_handshake_msgs_sha256;        ///< Running SHA-256 hash of handshake messages
        bool m_certificate_req;                                 ///< Did server request client certificate?
        bool m_server_hello_done;                               ///< Is server hello done?
        bool m_server_finished;                                 ///< Did server send a valid finish message?
        unsigned __int64 m_seq_num_client;                      ///< Sequence number for encrypting
        unsigned __int64 m_seq_num_server;                      ///< Sequence number for decrypting
        // The following members are required to avoid memory leakage in get_result()
        EAP_ATTRIBUTES m_eap_attr_desc;                         ///< EAP Radius attributes descriptor
--- a/lib/TLS/include/TLS.h
+++ b/lib/TLS/include/TLS.h
@@ -148,7 +148,10 @@ namespace eap
        tls_handshake_type_server_hello_done   = 14,
        tls_handshake_type_certificate_verify  = 15,
        tls_handshake_type_client_key_exchange = 16,
-        tls_handshake_type_finished            = 20
+        tls_handshake_type_finished            = 20,
        tls_handshake_type_min                 =  0,    ///< First existing handshake message
        tls_handshake_type_max                 = 21     ///< First non-existing (officially) handshake message
    };
@@ -512,28 +515,3 @@ namespace eap
        hmac_padding m_padding_hmac;    ///< Padding (key) for HMAC calculation
    };
 }
 //inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val)
 //{
 //    cursor << val.m_master_secret;
 //    cursor << val.m_random_client;
 //    cursor << val.m_random_server;
 //}
 //
 //
 //inline size_t pksizeof(_In_ const eap::tls_conn_state &val)
 //{
 //    return
 //        pksizeof(val.m_master_secret) +
 //        pksizeof(val.m_random_client) +
 //        pksizeof(val.m_random_server);
 //}
 //
 //
 //inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val)
 //{
 //    cursor >> val.m_master_secret;
 //    cursor >> val.m_random_client;
 //    cursor >> val.m_random_server;
 //}
--- a/lib/TLS/src/Config.cpp
+++ b/lib/TLS/src/Config.cpp
@@ -75,8 +75,6 @@ eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with
 eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
    m_trusted_root_ca(other.m_trusted_root_ca),
    m_server_names(other.m_server_names),
    m_session_id(other.m_session_id),
    m_master_secret(other.m_master_secret),
    config_method_with_cred(other)
 {
 }
@@ -85,8 +83,6 @@ eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
 eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
    m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
    m_server_names(std::move(other.m_server_names)),
    m_session_id(std::move(other.m_session_id)),
    m_master_secret(std::move(other.m_master_secret)),
    config_method_with_cred(std::move(other))
 {
 }
@@ -98,8 +94,6 @@ eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_meth
        (config_method_with_cred&)*this = other;
        m_trusted_root_ca = other.m_trusted_root_ca;
        m_server_names    = other.m_server_names;
        m_session_id      = other.m_session_id;
        m_master_secret   = other.m_master_secret;
    }
    return *this;
@@ -112,8 +106,6 @@ eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_
        (config_method_with_cred&&)*this = std::move(other);
        m_trusted_root_ca = std::move(other.m_trusted_root_ca);
        m_server_names    = std::move(other.m_server_names);
        m_session_id      = std::move(other.m_session_id);
        m_master_secret   = std::move(other.m_master_secret);
    }
    return *this;
@@ -161,10 +153,8 @@ void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
    }
    // <ServerName>
-    for (list<string>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
+    for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
-        wstring str;
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
        MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str);
        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
    }
 }
@@ -231,12 +221,7 @@ void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
                pXmlListServerIDs->get_item(j, &pXmlElServerID);
                bstr bstrServerID;
                pXmlElServerID->get_text(&bstrServerID);
-
+                m_server_names.push_back(wstring(bstrServerID));
                // Server names (FQDNs) are always ASCII. Hopefully. Convert them to UTF-8 anyway for consistent comparison. CP_ANSI varies.
                string str;
                WideCharToMultiByte(CP_UTF8, 0, bstrServerID, bstrServerID.length(), str, NULL, NULL);
                m_server_names.push_back(str);
            }
            m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
@@ -250,8 +235,6 @@ void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
    config_method_with_cred::operator<<(cursor);
    cursor << m_trusted_root_ca;
    cursor << m_server_names   ;
    cursor << m_session_id     ;
    cursor << m_master_secret  ;
 }
@@ -260,9 +243,7 @@ size_t eap::config_method_tls::get_pk_size() const
    return
        config_method_with_cred::get_pk_size() +
        pksizeof(m_trusted_root_ca) +
-        pksizeof(m_server_names   ) +
+        pksizeof(m_server_names   );
        pksizeof(m_session_id     ) +
        pksizeof(m_master_secret  );
 }
@@ -271,8 +252,6 @@ void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
    config_method_with_cred::operator>>(cursor);
    cursor >> m_trusted_root_ca;
    cursor >> m_server_names   ;
    cursor >> m_session_id     ;
    cursor >> m_master_secret  ;
 }
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@@ -254,7 +254,7 @@ tstring eap::credentials_tls::get_name() const
 }
-bool eap::credentials_tls::combine(
+eap::credentials::source_t eap::credentials_tls::combine(
    _In_       const credentials_tls   *cred_cached,
    _In_       const config_method_tls &cfg,
    _In_opt_z_       LPCTSTR           pszTargetName)
@@ -263,14 +263,14 @@ bool eap::credentials_tls::combine(
        // Using EAP service cached credentials.
        *this = *cred_cached;
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
-        return true;
+        return source_cache;
    }
    if (cfg.m_use_preshared) {
        // Using preshared credentials.
        *this = *(credentials_tls*)cfg.m_preshared.get();
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
-        return true;
+        return source_preshared;
    }
    if (pszTargetName) {
@@ -281,13 +281,13 @@ bool eap::credentials_tls::combine(
            // Using stored credentials.
            *this = std::move(cred_loaded);
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
-            return true;
+            return source_storage;
        } catch (...) {
            // Not actually an error.
        }
    }
-    return false;
+    return source_unknown;
 }
--- a/lib/TLS/src/Method.cpp
+++ b/lib/TLS/src/Method.cpp
--- a/lib/TLS/src/StdAfx.h
+++ b/lib/TLS/src/StdAfx.h
@@ -31,6 +31,7 @@
 #include <WinStd/EAP.h>
 #include <EapHostError.h>
 #include <schnlsp.h>
 #include <time.h>
 #include <algorithm>
--- a/lib/TLS_UI/include/TLS_UI.h
+++ b/lib/TLS_UI/include/TLS_UI.h
@@ -119,7 +119,7 @@ public:
    ///
    /// Construct the validator with a value to store data
    ///
-    wxHostNameValidator(std::string *val = NULL);
+    wxHostNameValidator(std::wstring *val = NULL);
    ///
    /// Copy constructor
@@ -149,10 +149,10 @@ public:
    ///
    /// Parses FQDN value
    ///
-    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL);
+    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
 protected:
-    std::string *m_val; ///< Pointer to variable to receive control's parsed value
+    std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
 };
@@ -165,7 +165,7 @@ public:
    ///
    /// Construct the validator with a value to store data
    ///
-    wxFQDNValidator(std::string *val = NULL);
+    wxFQDNValidator(std::wstring *val = NULL);
    ///
    /// Copy constructor
@@ -195,10 +195,10 @@ public:
    ///
    /// Parses FQDN value
    ///
-    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL);
+    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
 protected:
-    std::string *m_val; ///< Pointer to variable to receive control's parsed value
+    std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
 };
@@ -211,7 +211,7 @@ public:
    ///
    /// Construct the validator with a value to store data
    ///
-    wxFQDNListValidator(std::list<std::string> *val = NULL);
+    wxFQDNListValidator(std::list<std::wstring> *val = NULL);
    ///
    /// Copy constructor
@@ -241,10 +241,10 @@ public:
    ///
    /// Parses FQDN list value
    ///
-    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out = NULL);
+    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
 protected:
-    std::list<std::string> *m_val;  ///< Pointer to variable to receive control's parsed value
+    std::list<std::wstring> *m_val;  ///< Pointer to variable to receive control's parsed value
 };
@@ -311,7 +311,7 @@ protected:
    eap::config_method_tls &m_cfg;              ///< TLS configuration
    winstd::library m_certmgr;                  ///< certmgr.dll resource library reference
    wxIcon m_icon;                              ///< Panel icon
-    std::list<std::string> m_server_names_val;  ///< Acceptable authenticating server names
+    std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
 };
@@ -331,7 +331,6 @@ public:
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event);
    virtual bool TransferDataFromWindow();
    /// \endcond
 protected:
--- a/lib/TLS_UI/res/wxTLS_UI.cpp
+++ b/lib/TLS_UI/res/wxTLS_UI.cpp
@@ -74,11 +74,11 @@ wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow
 	sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
 	m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
-	m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed") );
+	m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") );
 	sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
-	m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;*.domain.org)"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_server_names_note->Wrap( -1 );
 	sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
--- a/lib/TLS_UI/res/wxTLS_UI.fbp
+++ b/lib/TLS_UI/res/wxTLS_UI.fbp
@@ -870,7 +870,7 @@
                                                <property name="style"></property>
                                                <property name="subclass"></property>
                                                <property name="toolbar_pane">0</property>
-                                                <property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; &quot;*&quot; wildchar allowed</property>
+                                                <property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed</property>
                                                <property name="validator_data_type"></property>
                                                <property name="validator_style">wxFILTER_NONE</property>
                                                <property name="validator_type">wxDefaultValidator</property>
@@ -940,7 +940,7 @@
                                                <property name="gripper">0</property>
                                                <property name="hidden">0</property>
                                                <property name="id">wxID_ANY</property>
-                                                <property name="label">(Example: foo.bar.com;*.domain.org)</property>
+                                                <property name="label">(Example: foo.bar.com;server2.bar.com)</property>
                                                <property name="max_size"></property>
                                                <property name="maximize_button">0</property>
                                                <property name="maximum_size"></property>
--- a/lib/TLS_UI/src/TLS_UI.cpp
+++ b/lib/TLS_UI/src/TLS_UI.cpp
@@ -46,7 +46,7 @@ wxCertificateClientData::~wxCertificateClientData()
 wxIMPLEMENT_DYNAMIC_CLASS(wxHostNameValidator, wxValidator);
-wxHostNameValidator::wxHostNameValidator(std::string *val) :
+wxHostNameValidator::wxHostNameValidator(std::wstring *val) :
    m_val(val),
    wxValidator()
 {
@@ -98,7 +98,7 @@ bool wxHostNameValidator::TransferFromWindow()
 }
-bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out)
+bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
 {
    const wxStringCharType *buf = val_in;
@@ -108,7 +108,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
            // End of host name found.
            if (val_out) val_out->assign(val_in.c_str() + i_start, i - i_start);
            return true;
-        } else if (_tcschr(wxT("abcdefghijklmnopqrstuvwxyz0123456789-*"), buf[i])) {
+        } else if (buf[i] == _T('-') || buf[i] == _T('_') || _istalnum(buf[i])) {
            // Valid character found.
            i++;
        } else {
@@ -129,7 +129,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
 wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNValidator, wxValidator);
-wxFQDNValidator::wxFQDNValidator(std::string *val) :
+wxFQDNValidator::wxFQDNValidator(std::wstring *val) :
    m_val(val),
    wxValidator()
 {
@@ -181,7 +181,7 @@ bool wxFQDNValidator::TransferFromWindow()
 }
-bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out)
+bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
 {
    const wxStringCharType *buf = val_in;
@@ -210,7 +210,7 @@ bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end
 wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNListValidator, wxValidator);
-wxFQDNListValidator::wxFQDNListValidator(std::list<std::string> *val) :
+wxFQDNListValidator::wxFQDNListValidator(std::list<std::wstring> *val) :
    m_val(val),
    wxValidator()
 {
@@ -246,7 +246,7 @@ bool wxFQDNListValidator::TransferToWindow()
    if (m_val) {
        wxString str;
-        for (std::list<std::string>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) {
+        for (std::list<std::wstring>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) {
            if (!str.IsEmpty()) str += wxT("; ");
            str += *name;
        }
@@ -267,11 +267,11 @@ bool wxFQDNListValidator::TransferFromWindow()
 }
-bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out)
+bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out)
 {
    const wxStringCharType *buf = val_in;
-    std::string _fqdn, *fqdn = val_out ? &_fqdn : NULL;
+    std::wstring _fqdn, *fqdn = val_out ? &_fqdn : NULL;
-    std::list<std::string> _val_out;
+    std::list<std::wstring> _val_out;
    size_t i = i_start;
    for (;;) {
@@ -423,14 +423,6 @@ wxTLSServerTrustPanel::wxTLSServerTrustPanel(const eap::config_provider &prov, e
 bool wxTLSServerTrustPanel::TransferDataToWindow()
 {
    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_root_ca_add_store->Enable(false);
        m_root_ca_add_file ->Enable(false);
        m_root_ca_remove   ->Enable(false);
        m_server_names     ->Enable(false);
    }
    // Populate trusted CA list.
    for (std::list<winstd::cert_context>::const_iterator cert = m_cfg.m_trusted_root_ca.cbegin(), cert_end = m_cfg.m_trusted_root_ca.cend(); cert != cert_end; ++cert)
        m_root_ca->Append(wxString(eap::get_cert_title(*cert)), new wxCertificateClientData(cert->duplicate()));
@@ -469,10 +461,19 @@ void wxTLSServerTrustPanel::OnUpdateUI(wxUpdateUIEvent& event)
 {
    UNREFERENCED_PARAMETER(event);
-    if (!m_prov.m_read_only) {
+    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_root_ca_add_store->Enable(false);
        m_root_ca_add_file ->Enable(false);
        m_root_ca_remove   ->Enable(false);
        m_server_names     ->Enable(false);
    } else {
        // This is not a provider-locked configuration. Selectively enable/disable controls.
        m_root_ca_add_store->Enable(true);
        m_root_ca_add_file ->Enable(true);
        wxArrayInt selections;
        m_root_ca_remove->Enable(m_root_ca->GetSelections(selections) ? true : false);
        m_server_names     ->Enable(true);
    }
 }
@@ -602,21 +603,3 @@ void wxTLSConfigPanel::OnInitDialog(wxInitDialogEvent& event)
    if (m_credentials)
        m_credentials->GetEventHandler()->ProcessEvent(event);
 }
 bool wxTLSConfigPanel::TransferDataFromWindow()
 {
    wxCHECK(wxPanel::TransferDataFromWindow(), false);
    if (!m_prov.m_read_only) {
        // This is not a provider-locked configuration. The data will get saved.
        // Reset session ID and master secret to force clean connect next time.
        m_cfg.m_session_id.clear();
        m_cfg.m_master_secret.clear();
    }
    return true;
 }
--- a/lib/TTLS/include/Credentials.h
+++ b/lib/TTLS/include/Credentials.h
@@ -32,6 +32,7 @@ namespace eap
 #include "../../PAP/include/Credentials.h"
 #include <memory>
 #include <utility>
 namespace eap
@@ -187,7 +188,7 @@ namespace eap
        /// - \c true  if credentials were set;
        /// - \c false otherwise
        ///
-        bool combine(
+        std::pair<source_t, source_t> combine(
            _In_       const credentials_ttls   *cred_cached,
            _In_       const config_method_ttls &cfg,
            _In_opt_z_       LPCTSTR            pszTargetName);
--- a/lib/TTLS/include/Method.h
+++ b/lib/TTLS/include/Method.h
@@ -112,14 +112,15 @@ namespace eap
        /// @}
        ///
        /// Generates master session key
        ///
        /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
        ///
        virtual void derive_msk();
    protected:
        ///
        /// Processes an application message
        ///
        /// \param[in] msg       Application message data
        /// \param[in] size_msg  Application message data size
        ///
        virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
        ///
        /// Makes a PAP client message
        ///
--- a/lib/TTLS/src/Credentials.cpp
+++ b/lib/TTLS/src/Credentials.cpp
@@ -226,15 +226,12 @@ std::wstring eap::credentials_ttls::get_identity() const
 }
-bool eap::credentials_ttls::combine(
+pair<eap::credentials::source_t, eap::credentials::source_t> eap::credentials_ttls::combine(
    _In_       const credentials_ttls   *cred_cached,
    _In_       const config_method_ttls &cfg,
    _In_opt_z_       LPCTSTR            pszTargetName)
 {
-    bool
+    return pair<source_t, source_t>(
-        is_outer_set = credentials_tls::combine(cred_cached, cfg, pszTargetName),
+        credentials_tls::combine(cred_cached, cfg, pszTargetName),
-        is_inner_set =
+        dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : source_unknown);
            dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : false;
    return is_outer_set && is_inner_set;
 }
--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@@ -69,28 +69,8 @@ void eap::method_ttls::process_request_packet(
        m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
    }
-    if (!m_server_finished) {
+    // Do the TLS.
-        // Do the TLS.
+    method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
        method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
        if (m_server_finished) {
            // Piggyback inner authentication.
            if (!m_state_client.m_alg_encrypt)
                throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
            m_packet_res.m_code  = EapCodeResponse;
            m_packet_res.m_id    = m_packet_req.m_id;
            m_packet_res.m_flags = 0;
            sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
            m_packet_res.m_data.assign(msg_application.begin(), msg_application.end());
            pEapOutput->fAllowNotifications = FALSE;
            pEapOutput->action = EapPeerMethodResponseActionSend;
        }
    } else {
        // Do the TLS. Again.
        method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
    }
 }
@@ -111,20 +91,43 @@ void eap::method_ttls::get_result(
    _In_    EapPeerMethodResultReason reason,
    _Inout_ EapPeerMethodResult       *ppResult)
 {
-    if (!m_server_finished) {
+    if (m_phase != phase_application_data) {
        // Do the TLS.
        method_tls::get_result(reason, ppResult);
    } else {
        // The TLS finished, this is inner authentication's bussines.
        config_provider &cfg_prov(m_cfg.m_providers.front());
        config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get());
        assert(cfg_method);
-        // Mark credentials appropriately, so GUI can re-prompt user.
+        switch (reason) {
-        cfg_method->m_inner->m_cred_failed = reason == EapPeerMethodResultFailure;
+        case EapPeerMethodResultSuccess: {
            m_module.log_event(&EAPMETHOD_TTLS_INNER_SUCCESS, event_data((unsigned int)eap_type_ttls), event_data::blank);
            cfg_method->m_inner->m_auth_failed = false;
            break;
        }
        case EapPeerMethodResultFailure:
            m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank);
            cfg_method->m_inner->m_auth_failed = true;
            break;
        default:
            throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
        }
        // EAP-TTLS uses different label in PRF for MSK derivation than EAP-TLS.
        static const DWORD s_key_id = 0x01; // EAP-TTLSv0 Keying Material
        static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id };
        SECURITY_STATUS status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info));
        if (FAILED(status))
            throw sec_runtime_error(status, __FUNCTION__ "Error setting EAP-TTLS PRF in Schannel.");
        // The TLS was OK.
        method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
        // Do not report failure to EAPHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
        // EAPHost is well aware of the failed condition.
        //if (reason == EapPeerMethodResultFailure) {
        //    ppResult->fIsSuccess = FALSE;
        //    ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED;
@@ -133,37 +136,51 @@ void eap::method_ttls::get_result(
 }
-void eap::method_ttls::derive_msk()
+void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg)
 {
-    //
+    UNREFERENCED_PARAMETER(msg);
-    //   TLS versions 1.0 [RFC2246] and 1.1 [RFC4346] define the same PRF
+    UNREFERENCED_PARAMETER(size_msg);
    //   function, and any EAP-TTLSv0 implementation based on these versions
    //   of TLS must use the PRF defined therein.  It is expected that future
    //   versions of or extensions to the TLS protocol will permit alternative
    //   PRF functions to be negotiated.  If an alternative PRF function is
    //   specified for the underlying TLS version or has been negotiated
    //   during the TLS handshake negotiation, then that alternative PRF
    //   function must be used in EAP-TTLSv0 computations instead of the TLS
    //   1.0/1.1 PRF.
    //
    // [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter 7.8. Use of TLS PRF)](https://tools.ietf.org/html/rfc5281#section-7.8)
    //
    // If we use PRF_SHA256() the key exchange fails. Therefore we use PRF of TLS 1.0/1.1.
    //
    static const unsigned char s_label[] = "ttls keying material";
    sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
    seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
    seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
    sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random)));
    const unsigned char *_key_block = key_block.data();
-    // MSK: MPPE-Recv-Key
+    // Prepare inner authentication.
-    memcpy(&m_key_mppe_client, _key_block, sizeof(tls_random));
+    if (!(m_sc_ctx.m_attrib & ISC_RET_CONFIDENTIALITY))
-    _key_block += sizeof(tls_random);
+        throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
-    // MSK: MPPE-Send-Key
+    m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
-    memcpy(&m_key_mppe_server, _key_block, sizeof(tls_random));
+
-    _key_block += sizeof(tls_random);
+    SECURITY_STATUS status;
    // Get maximum message sizes.
    SecPkgContext_StreamSizes sizes;
    status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_STREAM_SIZES, &sizes);
    if (FAILED(status))
        throw sec_runtime_error(status, __FUNCTION__ " Error getting Schannel required encryption sizes.");
    // Make PAP message.
    sanitizing_blob msg_pap(make_pap_client());
    assert(msg_pap.size() < sizes.cbMaximumMessage);
    unsigned long size_data = std::min<unsigned long>(sizes.cbMaximumMessage, (unsigned long)msg_pap.size()); // Truncate
    sanitizing_blob data(sizes.cbHeader + size_data + sizes.cbTrailer, 0);
    memcpy(data.data() + sizes.cbHeader, msg_pap.data(), size_data);
    // Prepare input/output buffer(s).
    SecBuffer buf[] = {
        {  sizes.cbHeader, SECBUFFER_STREAM_HEADER , data.data()                              },
        {       size_data, SECBUFFER_DATA          , data.data() + sizes.cbHeader             },
        { sizes.cbTrailer, SECBUFFER_STREAM_TRAILER, data.data() + sizes.cbHeader + size_data },
        {               0, SECBUFFER_EMPTY         , NULL                                     },
    };
    SecBufferDesc buf_desc = {
        SECBUFFER_VERSION,
        _countof(buf),
        buf
    };
    // Encrypt the message.
    status = EncryptMessage(m_sc_ctx, 0, &buf_desc, 0);
    if (FAILED(status))
        throw sec_runtime_error(status, __FUNCTION__ " Error encrypting message.");
    m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
 }
--- a/lib/TTLS/src/Module.cpp
+++ b/lib/TTLS/src/Module.cpp
@@ -109,14 +109,17 @@ void eap::peer_ttls::get_identity(
    {
        // Combine credentials.
        user_impersonator impersonating(hTokenImpersonateUser);
-        *pfInvokeUI = cred_out.combine(
+        pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
            &cred_in,
 #else
            NULL,
 #endif
            *cfg_method,
-            (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL) ? FALSE : TRUE;
+            (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
        // If either of credentials is unknown, request UI.
        *pfInvokeUI = cred_source.first == eap::credentials::source_unknown || cred_source.second == eap::credentials::source_unknown ? TRUE : FALSE;
    }
    if (*pfInvokeUI) {
@@ -132,14 +135,14 @@ void eap::peer_ttls::get_identity(
    // If we got here, we have all credentials we need. But, wait!
-    if (cfg_method->m_cred_failed) {
+    if (cfg_method->m_auth_failed) {
        // Outer TLS: Credentials failed on last connection attempt.
        log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank);
        *pfInvokeUI = TRUE;
        return;
    }
-    if (cfg_method->m_inner->m_cred_failed) {
+    if (cfg_method->m_inner->m_auth_failed) {
        // Inner: Credentials failed on last connection attempt.
        log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)type_inner), event_data::blank);
        *pfInvokeUI = TRUE;
--- a/lib/TTLS/src/StdAfx.h
+++ b/lib/TTLS/src/StdAfx.h
@@ -30,3 +30,4 @@
 #include <WinStd/EAP.h>
 #include <EapHostError.h>
 #include <schannel.h>
--- a/lib/TTLS_UI/include/TTLS_UI.h
+++ b/lib/TTLS_UI/include/TTLS_UI.h
@@ -45,7 +45,6 @@ class wxTTLSCredentialsPanel;
 #include <wx/choicebk.h>
 #include <wx/icon.h>
 #include <wx/scrolwin.h>
 #include <wx/stattext.h>
 #include <Windows.h>
@@ -74,32 +73,28 @@ protected:
 };
-class wxTTLSConfigWindow : public wxScrolledWindow
+class wxTTLSConfigWindow : public wxEAPConfigWindow
 {
 public:
    ///
    /// Constructs a configuration panel
    ///
    /// \param[in]    prov           Provider configuration data
    /// \param[inout] cfg            Configuration data
    /// \param[in]    pszCredTarget  Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
    /// \param[in]    parent         Parent window
    ///
    wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
    ///
    /// Destructs the configuration panel
    ///
    virtual ~wxTTLSConfigWindow();
 protected:
    /// \cond internal
    virtual bool TransferDataToWindow();
    virtual bool TransferDataFromWindow();
    virtual void OnInitDialog(wxInitDialogEvent& event);
    virtual void OnUpdateUI(wxUpdateUIEvent& event);
    /// \endcond
 protected:
    const eap::config_provider &m_prov;     ///< EAP provider
    eap::config_method_ttls &m_cfg;         ///< TTLS configuration
    wxStaticText *m_outer_title;            ///< Outer authentication title
    wxTTLSConfigPanel *m_outer_identity;    ///< Outer identity configuration panel
@@ -108,7 +103,7 @@ protected:
    wxChoicebook *m_inner_type;             ///< Inner authentication type
    // Temporary inner method configurations to hold data until applied
-    eap::config_method_pap m_cfg_pap;            ///< PAP configuration
+    eap::config_method_pap m_cfg_pap;       ///< PAP configuration
 };
--- a/lib/TTLS_UI/src/Module.cpp
+++ b/lib/TTLS_UI/src/Module.cpp
@@ -83,8 +83,26 @@ void eap::peer_ttls_ui::invoke_config_ui(
 {
    // Unpack configuration.
    config_provider_list cfg(*this);
-    if (dwConnectionDataInSize)
+    if (dwConnectionDataInSize) {
        // Load existing configuration.
        unpack(cfg, pConnectionDataIn, dwConnectionDataInSize);
    } else {
        // This is a blank network profile. Create default configuraton.
        // Start with PAP inner configuration.
        unique_ptr<config_method_ttls> cfg_method(new config_method_ttls(*this));
        cfg_method->m_inner.reset(new config_method_pap(*this));
        cfg_method->m_anonymous_identity = L"@";
        cfg_method->m_use_preshared = true;
        cfg_method->m_preshared.reset(new credentials_tls(*this));
        // Start with one method.
        config_provider cfg_provider(*this);
        cfg_provider.m_methods.push_back(std::move(cfg_method));
        // Start with one provider.
        cfg.m_providers.push_back(std::move(cfg_provider));
    }
    // Initialize application.
    new wxApp();
@@ -163,14 +181,14 @@ void eap::peer_ttls_ui::invoke_identity_ui(
    }
    // Combine credentials.
-    cred_out.combine(
+    pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
        &cred_in,
 #else
        NULL,
 #endif
        *cfg_method,
-        (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL);
+        (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
    if (dwFlags & EAP_FLAG_GUEST_ACCESS) {
        // Disable credential saving for guests.
@@ -190,10 +208,18 @@ void eap::peer_ttls_ui::invoke_identity_ui(
        parent.AdoptAttributesFromHWND();
        wxTopLevelWindows.Append(&parent);
-        // Create and launch credentials dialog.
+        // Create credentials dialog.
        wxEAPCredentialsDialog dlg(cfg_prov, &parent);
        wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg);
-        dlg.AddContents((wxPanel**)&panel, 1);
+        dlg.AddContent(panel);
        // Set "Remember" checkboxes according to credential source,
        panel->m_outer_cred->SetRememberValue(cred_source.first == eap::credentials::source_storage);
        wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
        if (panel_inner_cred_pap)
            panel_inner_cred_pap->SetRememberValue(cred_source.second == eap::credentials::source_storage);
        // Centre and display dialog.
        dlg.Centre(wxBOTH);
        result = dlg.ShowModal();
        if (result == wxID_OK) {
@@ -208,7 +234,6 @@ void eap::peer_ttls_ui::invoke_identity_ui(
                }
            }
            wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
            if (panel_inner_cred_pap && panel_inner_cred_pap->GetRememberValue()) {
                try {
                    cred_out.m_inner->store(cfg_prov.m_id.c_str());
--- a/lib/TTLS_UI/src/TTLS_UI.cpp
+++ b/lib/TTLS_UI/src/TTLS_UI.cpp
@@ -38,14 +38,6 @@ wxTTLSConfigPanel::wxTTLSConfigPanel(const eap::config_provider &prov, eap::conf
 bool wxTTLSConfigPanel::TransferDataToWindow()
 {
    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_outer_identity_same      ->Enable(false);
        m_outer_identity_empty     ->Enable(false);
        m_outer_identity_custom    ->Enable(false);
        m_outer_identity_custom_val->Enable(false);
    }
    // Populate identity controls.
    if (m_cfg.m_anonymous_identity.empty()) {
        m_outer_identity_same->SetValue(true);
@@ -82,8 +74,17 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
 {
    UNREFERENCED_PARAMETER(event);
-    if (!m_prov.m_read_only) {
+    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_outer_identity_same      ->Enable(false);
        m_outer_identity_empty     ->Enable(false);
        m_outer_identity_custom    ->Enable(false);
        m_outer_identity_custom_val->Enable(false);
    } else {
        // This is not a provider-locked configuration. Selectively enable/disable controls.
        m_outer_identity_same      ->Enable(true);
        m_outer_identity_empty     ->Enable(true);
        m_outer_identity_custom    ->Enable(true);
        m_outer_identity_custom_val->Enable(m_outer_identity_custom->GetValue());
    }
 }
@@ -94,10 +95,9 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
 //////////////////////////////////////////////////////////////////////
 wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent) :
    m_prov(prov),
    m_cfg((eap::config_method_ttls&)cfg),
    m_cfg_pap(cfg.m_module),
-    wxScrolledWindow(parent, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxVSCROLL)
+    wxEAPConfigWindow(prov, cfg, parent)
 {
    wxBoxSizer* sb_content;
    sb_content = new wxBoxSizer( wxVERTICAL );
@@ -112,7 +112,8 @@ wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::co
    m_inner_type = new wxChoicebook(this, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxCHB_DEFAULT);
    m_inner_type->SetToolTip( _("Select inner authentication method from the list") );
-    m_inner_type->AddPage(new wxPAPConfigPanel(m_prov, m_cfg_pap, pszCredTarget, m_inner_type), _("PAP"));
+    wxPAPConfigPanel *panel_pap = new wxPAPConfigPanel(m_prov, m_cfg_pap, pszCredTarget, m_inner_type);
    m_inner_type->AddPage(panel_pap, _("PAP"));
    sb_content->Add(m_inner_type, 0, wxALL|wxEXPAND, 5);
    sb_content->Add(20, 20, 1, wxALL|wxEXPAND, 5);
@@ -135,32 +136,17 @@ wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::co
        size.y  = 500;
    }
    this->SetMinSize(size);
    this->SetScrollRate(5, 5);
    this->SetSizer(sb_content);
    this->Layout();
-    m_inner_type->SetFocusFromKbd();
+    // m_inner_type->SetFocusFromKbd(); // This control steals mouse-wheel scrolling for itself
-
+    panel_pap->SetFocusFromKbd();
    // Connect Events
    this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTTLSConfigWindow::OnInitDialog));
 }
 wxTTLSConfigWindow::~wxTTLSConfigWindow()
 {
    // Disconnect Events
    this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTTLSConfigWindow::OnInitDialog));
 }
 bool wxTTLSConfigWindow::TransferDataToWindow()
 {
    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_inner_type->GetChoiceCtrl()->Enable(false);
    }
    eap::config_method_pap *cfg_pap = dynamic_cast<eap::config_method_pap*>(m_cfg.m_inner.get());
    if (cfg_pap) {
        m_cfg_pap = *cfg_pap;
@@ -196,8 +182,7 @@ bool wxTTLSConfigWindow::TransferDataFromWindow()
 void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event)
 {
-    // Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that.
+    wxEAPConfigWindow::OnInitDialog(event);
    TransferDataToWindow();
    // Forward the event to child panels.
    m_outer_identity->GetEventHandler()->ProcessEvent(event);
@@ -207,6 +192,14 @@ void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event)
 }
 void wxTTLSConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
 {
    wxEAPConfigWindow::OnUpdateUI(event);
    m_inner_type->GetChoiceCtrl()->Enable(!m_prov.m_read_only);
 }
 //////////////////////////////////////////////////////////////////////
 // wxTTLSCredentialsPanel
 //////////////////////////////////////////////////////////////////////
@@ -226,7 +219,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
    assert(m_cfg.m_inner);
-    if (m_cfg.m_inner->m_cred_failed)
+    if (m_cfg.m_inner->m_auth_failed)
        sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
    const eap::config_method_pap *cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get());
@@ -245,7 +238,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
    m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) );
    sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5);
-    if (m_cfg.m_cred_failed)
+    if (m_cfg.m_auth_failed)
        sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
    m_outer_cred = new wxTLSCredentialsPanel(m_prov, (const eap::config_method_tls&)m_cfg, (eap::credentials_tls&)cred, pszCredTarget, this, is_config);
--- a/lib/WinStd
+++ b/lib/WinStd
Author	SHA1	Message	Date
Simon Rozman	318ad7f355	Version set to 1.0-alpha10	2016-08-23 14:53:27 +02:00
Simon Rozman	ef2042253c	When server certificate has no subjectAltName(2), compare host name against Common Name	2016-08-23 14:29:47 +02:00
Simon Rozman	9b997408a1	Switched to Schannel to do the TLS	2016-08-23 13:53:23 +02:00
Simon Rozman	5720524abe	Version set to 1.0-alpha9	2016-08-18 06:33:02 +02:00
Simon Rozman	1f1b9b1084	GUI boots with a predefined configuration on new profiles now (closes #10)	2016-08-18 06:31:16 +02:00
Simon Rozman	076c6b77d7	GUI updated to show "<Your Provider>" when provider ID is blank	2016-08-18 06:30:02 +02:00
Simon Rozman	92460c571f	Initial focus changed to the first non-mouse-wheel-capturing control to allow initial scrolling of the configuration dialog using mouse wheel	2016-08-17 16:42:19 +02:00
Simon Rozman	b79a2f26f6	Support for read-only lock added to GUI	2016-08-17 16:27:43 +02:00
Simon Rozman	373c83dbbe	Provider identity and help-desk is configurable via GUI now	2016-08-17 15:56:11 +02:00
Simon Rozman	543dada025	Provider and method lists are arrays now, to allow random access for configuration dialog coming-up	2016-08-17 14:47:15 +02:00
Simon Rozman	ce22ec3bfa	wxEAPCredentialsPanelPassBase >> wxEAPCredentialsPassPanelBase	2016-08-17 13:48:14 +02:00
Simon Rozman	a04647b7b5	Version set to 1.0-alpha8	2016-08-17 11:51:36 +02:00
Simon Rozman	df1d431bd0	- TLS revised (again) - TLS Session resumption issues resolved - Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager - Last authentication attempt failure notice is more general and no longer insinuate user credentials are the likely cause of the failure - Additional log messages added	2016-08-17 11:50:34 +02:00
Simon Rozman	16527c8124	Client explicitly refuses to accept change cipher spec if no or NULL cipher was proposed now	2016-08-17 09:32:43 +02:00
Simon Rozman	69e6b775f8	Hello requests are no longer included in the handshake hashing (as per RFC)	2016-08-17 09:29:55 +02:00
Simon Rozman	c69316071f	Support for encrypted change cipher spec messages added	2016-08-17 09:26:46 +02:00
Simon Rozman	a02d1e7094	Explicit checks on server certificate chain added: - Certificate can not be self-signed: Cannot check trust against configured root CAs when server certificate is self-signed - Server can provide full certificate chain up-to and including root CA. Importing root CA to the store for certificate chain validation would implicitly trust this certificate chain. Thus, we skip all self-signed certificates on import.	2016-08-17 09:22:38 +02:00
Simon Rozman	078636eb14	make_change_chiper_spec() removed as this message can simply be created using make_message()	2016-08-17 09:09:42 +02:00
Simon Rozman	cabae26e0b	Flags describing handshake messages received assembled in a boolean table of flags	2016-08-17 09:01:11 +02:00
Simon Rozman	7376693838	Additional constants	2016-08-17 08:34:25 +02:00
Simon Rozman	a5b3914a09	Comments and some minor clean-up	2016-08-16 22:27:30 +02:00