Re: [Help-gnutls] Re: Still replacing OpenSSL function with GnuTLS

[Jouni Malinen]

On Wed, Jun 17, 2009 at 3:18 PM, Simon Josefsson<address@hidden> wrote:
> Using GnuTLS in more EAP environments would be good, it has seen too
> little testing there.

Talking of which..  Are there any plans on adding support for TLS
Session Ticket (RFC 5077) into GnuTLS? It (or well, a bit modified
version of it) would be needed to be able to implement EAP-FAST. I
finally got the needed patch to do this into OpenSSL, but if I've
understood correctly, this functionality is missing from GnuTLS and
consequently, no EAP-FAST support with it is currently possible. By
the way, http://www.gnu.org/software/gnutls/comparison.html could be
updated to say that OpenSSL does support session tickets if seeing
GnuTLS as the only row with red here would motivate someone to work on
this ;-).

wpa_supplicant and hostapd can be used with GnuTLS to implement EAP
peer and server functionality for EAP-TLS, EAP-PEAP, and EAP-TTLS.
Some Linux distros may even build these by default with GnuTLS, but I
would assume that OpenSSL is used in most cases. It might even be
possible to use the FreeRADIUS eap2 module and link that with the EAP
server code from hostapd built with GnuTLS if someone is looking for
an odd hack of using GnuTLS with FreeRADIUS.

- Jouni