rad_eap_test
Nagios compatible shell script used for testing RADIUS servers by EAP
Add new option -L to allow selecting specific TLS protocols to enable. Protocol names match existing use of OpenSSL config (so TLSv1.0 is "TLSv1"). The TLS protocol selection is translated...
In OpenSSL certificate chain dump, depth=0 corresponds to the leaf (end-entity) certificate (not root CA). rad_eap_test was incorrectly reporting `CA certificate expired` for an expired leaf certificate. Fix the logic...
Fixes #22
wpa_supplicant 2.10 has disabled support for TKIP and WEP by default:
- https://w1.fi/cgit/hostap/commit?id=6b1c590ebb87bd4ddd2930feb621f463197d1125
- https://w1.fi/cgit/hostap/commit?id=200c7693c9a145508b1850befb200430c1c6a984
As a result, eapol_test won't parse a config which specifies either one. In order to...
Disable TLS 1.3 in the configuration file passed to eapol_test until its usage is standardized. https://github.com/FreeRADIUS/freeradius-server/issues/2385#issuecomment-454253254
Support for sending Vendor-Specific Attributes as per 5.26 in RFC 2865. Since the VvSsAa flags are all in use I opted for E. Please edit as you see fit.
Default is "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=0 tls_disable_tlsv1_3=1" For example, you can change PEAP versions by passing '-o "peapver=0"' or '-o "peapver=1"'. This should also address #11 by disabling TLS 1.3 by...
In order to test some phase2 types, we need to use `autheap=` rather than `auth=` in the eapol_test config. An example of where this is necessary is with EAP-TTLS/EAP-GTC or...
Info "Certiticate information was requested, but the certificate was not retrieved." is confusing for many people. It should be safe to not print it with timeout. Not sure about access-reject.
https://github.com/CESNET/rad_eap_test/blob/d8aec01802d64ac7682b3417e7df3c24aacb92a8/rad_eap_test#L567 A proper PEAP test will use 'autheap=MSCHAPv2' as per documentation in the wpa_supplicant and as per eduroam's Stefan Winter. Apparently the command-line doesn't allow this, and the line above...