open1x-developers Mailing List for Open1X

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I have made a Discord Server for it, you can join it by going to https://discord.gg/5wK5zF (https://discord.gg/5wK5zFk)

I have made a mirror of it on Github. You can see it at https://github.com/Zero3K/xsupplicant (https://github.com/Zero3K/xsupplicant). I have made some changes to it. The major one I did is upgrading the project files from Visual Studio 2005 to Visual Studio 2019. Now I need someone to fork it and fix the errors occurring when trying to compile the projects.

Hello all.

I am unable to find any documentation for 
XSupplicant GUI Version: 2.2.3.553
Engine Version: 2.1.nightly.545

So, I hope you can help me with my issues.

Supplicant is installed on 32 bits Windows Vista Enterprise, Service Pack 2

I create and installed CA.p12 on this system. (CA.p12 was created on Linux system with FreeSSL & FreeRADIUS)
I can see this CERT if I use Microsoft native 802.1X configuration.
I can successfully use this CA.p12 with MAC OS and Linux (different file extension under Linux) in commbination with FreeRADIUS on a separate system.

But, I cannot see it under:

Connection >> 802.1X Server Certificate

In XSupplicant.

I appreciate any advice.

Thank you.

#######################################################################
LEARN TO WRITE YOUR HURTS IN THE SAND AND CARVE YOUR BENEFITS IN STONE.

Hello,

a new version is available @ http://pub.grid-net.com/xsuplib/

Here are the changes:

- added a quick start section and example code; now everyone with a linux PC can
use the XSupplicant Library to setup an end-to-end EAP/TLS session to a radius
server fairly easily; no special hardware card required!

- fixed a bug which caused a segmentation fault on EAP TLS cleanup

- used valgrind to verify that my use of the OpenSSL APIs doesn't leak memory.

Thanks
Tom

Hi Josh,

the licensing issue has been resolved, we are releasing under the same Dual
license which XSupplicant uses.

A first version, 0.4.0, of the xsupplicant library is available @
http://pub.grid-net.com/xsuplib/ . Let me know if you have any input for the
next version.

Right now, there is no easy way to run the xsupplicant library in this package;
I need to figure out how to tackle this.
(I myself use a customized radius server as well as version of XSupplicant in
direct-radius mode which has been modified to use the xsupplicant library)

Cheers
Tom

Tom Enderes wrote:
> Sending attachments to the list doesn't work. On open1x, is there a place I can
> upload the lib for anyone interested to have a look?
> 
> I would like to use LGPL for the lib. If the authors of the existing xsupplicant
> code (which uses a dual license) objected to that, would you please let me know?
> 
> Tom Enderes wrote:
>> Josh Howlett wrote:
>>>>> Ok, so the application has to provide something equivalent to an EAP lower
>>>> layer to talk to the peer? It then uses this method to exchange EAP packets
>>>> with the library?
>>>>
>>>> Exactly.
>>> How does the API expose data that the EAP method exports, like names and keys?
>> using the callback on success, prototype for all the callbacks is shown below:
>>
>> struct xsup_library_config {
>> 	void (*notify_eap_data) (xsup_cookie cookie, const uint8_t* data, size_t length);
>> 	void (*notify_success) (xsup_cookie cookie, const uint8_t* keymaterial, size_t
>> length);
>> 	void (*notify_failure) (xsup_cookie cookie, xsup_returntype reasoncode);
>> };
>>
>>
>>
>>> Josh.
>>>
>>> JANET(UK) is a trading name of The JNT Association, a company limited
>>> by guarantee which is registered in England under No. 2881024 
>>> and whose Registered Office is at Lumen House, Library Avenue,
>>> Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
>>>
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Sprint
>> What will you do first with EVO, the first 4G phone?
>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
>> _______________________________________________
>> Open1x-developers mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/open1x-developers
> 

Josh Howlett wrote:
> Tom,
> 
> What platforms have you tested this on?

So far, only on linux, only EAP-TLS; what are you looking for?

> 
> Josh.
> 
> JANET(UK) is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024 
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
> 

Tom,

What platforms have you tested this on?

Josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG

Sending attachments to the list doesn't work. On open1x, is there a place I can
upload the lib for anyone interested to have a look?

I would like to use LGPL for the lib. If the authors of the existing xsupplicant
code (which uses a dual license) objected to that, would you please let me know?

Tom Enderes wrote:
> 
> Josh Howlett wrote:
>>>> Ok, so the application has to provide something equivalent to an EAP lower
>>> layer to talk to the peer? It then uses this method to exchange EAP packets
>>> with the library?
>>>
>>> Exactly.
>> How does the API expose data that the EAP method exports, like names and keys?
> 
> using the callback on success, prototype for all the callbacks is shown below:
> 
> struct xsup_library_config {
> 	void (*notify_eap_data) (xsup_cookie cookie, const uint8_t* data, size_t length);
> 	void (*notify_success) (xsup_cookie cookie, const uint8_t* keymaterial, size_t
> length);
> 	void (*notify_failure) (xsup_cookie cookie, xsup_returntype reasoncode);
> };
> 
> 
> 
>> Josh.
>>
>> JANET(UK) is a trading name of The JNT Association, a company limited
>> by guarantee which is registered in England under No. 2881024 
>> and whose Registered Office is at Lumen House, Library Avenue,
>> Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
>>
> 
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Open1x-developers mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/open1x-developers

-- 
This e-mail and any of its attachments may contain proprietary information,
which is privileged, confidential or subject to copyright belonging to Grid Net,
Inc. This e-mail is intended solely for the use of the individual or entity to
which it is addressed. If you are not the intended recipient, you are hereby
notified that any dissemination, distribution, copying or action taken in
relation to the contents of this e-mail is strictly prohibited and may be
unlawful. If you have received this e-mail in error, please notify the sender
immediately and permanently delete.

Josh Howlett wrote:
>>> Ok, so the application has to provide something equivalent to an EAP lower
>> layer to talk to the peer? It then uses this method to exchange EAP packets
>> with the library?
>>
>> Exactly.
> 
> How does the API expose data that the EAP method exports, like names and keys?

using the callback on success, prototype for all the callbacks is shown below:

struct xsup_library_config {
	void (*notify_eap_data) (xsup_cookie cookie, const uint8_t* data, size_t length);
	void (*notify_success) (xsup_cookie cookie, const uint8_t* keymaterial, size_t
length);
	void (*notify_failure) (xsup_cookie cookie, xsup_returntype reasoncode);
};

> 
> Josh.
> 
> JANET(UK) is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024 
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
> 

> > Ok, so the application has to provide something equivalent to an EAP lower
> layer to talk to the peer? It then uses this method to exchange EAP packets
> with the library?
> 
> Exactly.

How does the API expose data that the EAP method exports, like names and keys?

Josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG

Josh Howlett wrote:
>> You pass in an eap packet coming from the peer.
>>
>> Then a callback is invoked by the library with the eap packet going to the
>> peer.
> 
> Ok, so the application has to provide something equivalent to an EAP lower layer to talk to the peer? It then uses this method to exchange EAP packets with the library?

Exactly.

(For example, I have tested the xsuplib using the modified xsupplicant
application: lower layer was the radius protocol and the peer was a freeradius
server)

> 
> Josh.
> 
> JANET(UK) is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024 
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
> 

> You pass in an eap packet coming from the peer.
> 
> Then a callback is invoked by the library with the eap packet going to the
> peer.

Ok, so the application has to provide something equivalent to an EAP lower layer to talk to the peer? It then uses this method to exchange EAP packets with the library?

Josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG

Josh Howlett wrote:
>> /* eap payload */
>> xsup_returntype xsup_received_eap_payload(xsup_cookie cookie, const uint8_t*
>> data, size_t length);
> 
> What does 'data' get filled with?

You pass in an eap packet coming from the peer.

Then a callback is invoked by the library with the eap packet going to the peer.

> 
> Josh.
> 
> JANET(UK) is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024 
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
> 

-- 
This e-mail and any of its attachments may contain proprietary information,
which is privileged, confidential or subject to copyright belonging to Grid Net,
Inc. This e-mail is intended solely for the use of the individual or entity to
which it is addressed. If you are not the intended recipient, you are hereby
notified that any dissemination, distribution, copying or action taken in
relation to the contents of this e-mail is strictly prohibited and may be
unlawful. If you have received this e-mail in error, please notify the sender
immediately and permanently delete.

Tom,

> I have taken xsupplicant 2.2.0 und have successfully split it into two parts:
> - a library libxsup (containing mainly the eap_types)
> - an xsupplicant application.

Great idea!

As it happens, I might have a use for this. Have you documented your API?

Josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG

> /* eap payload */
> xsup_returntype xsup_received_eap_payload(xsup_cookie cookie, const uint8_t*
> data, size_t length);

What does 'data' get filled with?

Josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG

No, I have not documented the API yet, I am waiting to see how much interest
there is.

The API but it is fairly straightforward, just these methods below.
The client's main work is to fill one big structure, struct xsup_session_config,
which contains all needed authentication material for the eap method it wants to
use.

/* register callbacks for eap data / success / failure */
xsup_returntype xsup_setup_library(const struct xsup_library_config* conf);

xsup_returntype xsup_create_session(const struct xsup_session_config* conf,
xsup_cookie cookie);

void xsup_destroy_session(xsup_cookie cookie);

/* eap payload */
xsup_returntype xsup_received_eap_payload(xsup_cookie cookie, const uint8_t*
data, size_t length);

Josh Howlett wrote:
> Tom,
> 
>> I have taken xsupplicant 2.2.0 und have successfully split it into two parts:
>> - a library libxsup (containing mainly the eap_types)
>> - an xsupplicant application.
> 
> Great idea!
> 
> As it happens, I might have a use for this. Have you documented your API?
> 
> Josh.
> 
> JANET(UK) is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024 
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
> 

-- 
This e-mail and any of its attachments may contain proprietary information,
which is privileged, confidential or subject to copyright belonging to Grid Net,
Inc. This e-mail is intended solely for the use of the individual or entity to
which it is addressed. If you are not the intended recipient, you are hereby
notified that any dissemination, distribution, copying or action taken in
relation to the contents of this e-mail is strictly prohibited and may be
unlawful. If you have received this e-mail in error, please notify the sender
immediately and permanently delete.

Hi Chris et al,

I would like to feed this back into the community; what are your thoughts?

I have taken xsupplicant 2.2.0 und have successfully split it into two parts:
- a library libxsup (containing mainly the eap_types)
- an xsupplicant application.

With this change, anyone who needs to add eap support to an application can use
open1x as well.

Thanks
Tom

Hello xsupplicant developers,

please let me know how I can give you my diff to help fix "Direct RADIUS mode
doesn't work - ID: 2683931"

I just got xsupplicant 2.2 to successfully authenticate in direct mode:
- using EAP-TLS
- against free radius 2.1.9
- some code changes on xsupplicant were necessary, such as adding avp 24 (State)
- new configuration file is included below.

Thanks
Tom

<?xml version="1.0"?>
<XsupplicantConfig version="1.0" generated_data="1/20/07">
	<Globals>
	</Globals>
	<Profiles>
		<Profile>
			<Name>Test TLS profile</Name>
			<Identity>ano...@te...</Identity>
			<EAP>
				<Type>tls</Type>
				<Trusted_Server>My TLS Server</Trusted_Server>

<User_Certificate>/home/tom/builds/gen2/eclipse/wpa-client/configuration/sampleCerts/devcertsigned.pem</User_Certificate>

<User_Key_File>/home/tom/builds/gen2/eclipse/wpa-client/configuration/sampleCerts/devkey.pem</User_Key_File>
				<Store_Type>FILE</Store_Type>
				<User_Key_Password>sample</User_Key_Password>
			</EAP>
		</Profile>
	</Profiles>

	<Connections>
		<Connection>
			<Name>radius</Name>
			<SSID>my_tls_ssid</SSID>
			<Profile>Test TLS Profile</Profile>
			<Association>
				<Type>Open</Type>
			</Association>
		</Connection>
	</Connections>

	<Trusted_Servers>
		<Trusted_Server>
			<Name>My TLS Server</Name>
			<Store_Type>FILE</Store_Type>

<Location>/home/tom/builds/gen2/eclipse/wpa-client/configuration/sampleCerts/rootsrvcert.pem</Location>
			<Common_Name>Grid-Net-Root-CA</Common_Name>
		</Trusted_Server>
	</Trusted_Servers>

</XsupplicantConfig>

Hi,

after some changes I now get past the identity exchange up to the Access
Challenge with direct radius on Xsupplicant 2.2.
Xsupplicant fails when it checks if TLS is an allowed method. Would anyone know
why my profile below doesn't cause the TLS method data to be populated?

Config file and first lines of execution are below.

Thanks
Tom

<?xml version="1.0"?>
<XsupplicantConfig version="1.0" generated_data="1/20/07">
	<Globals>
	</Globals>
	<Profiles>
		<Profile>
			<Name>Test TLS profile</Name>
			<Identity>test</Identity>
			<EAP>
				<Type>tls</Type>
				<Trusted_Server>My TLS Server</Trusted_Server>

<User_Certificate>/home/tom/gridnet/auth-material/wimaxMfgCert.pem</User_Certificate>
				<User_Key_File>/home/tom/gridnet/auth-material/wimaxMfgKey.pem</User_Key_File>
				<User_Key_Password></User_Key_Password>
			</EAP>
		</Profile>
	</Profiles>

	<Connections>
		<Connection>
			<Name>radius</Name>
			<SSID>my_tls_ssid</SSID>
			<Profile>Test TLS Profile</Profile>
			<Association>
				<Type>Open</Type>
			</Association>
		</Connection>
	</Connections>

	<Trusted_Servers>
		<Trusted_Server>
		</Trusted_Server>
	</Trusted_Servers>

</XsupplicantConfig>

tom@d2007:~/builds/gen2/eclipse/xapp$ src/xsupplicant -d A -f -c
etc/direct-example.conf
Starting XSupplicant v. @VERSION@.@BUILDNUM@
[INIT       ] Tue Jun  8 17:02:08 2010 - Init devices structure.
Parsing connections..
Connection has a name of radius
File /etc/xsupplicant.user.conf can't be accessed
Tue Jun  8 17:02:08 2010 - load-user-config from file /etc/xsupplicant.user.conf
Tue Jun  8 17:02:08 2010 - Unable to load the user's configuration.  No user
specific configuration settings will be available!
Tue Jun  8 17:02:08 2010 - XSupplicant @VERSION@.@BUILDNUM@ started.

Hi.

1. 2.1.8/2.1.9 are not appear user define TLS Root CA
2. and also when choise certification section(EAP-TLS), name and Issued by
are same appear

Hi.

1. 2.1.8/2.1.9 are not appear user define TLS Root CA
2. and also when choise certification section(EAP-TLS), name and Issued by
are same appear

The sources four our modified version of ProtInstall can now be found here:

https://open1x.svn.sf.net/svnroot/open1x/vendor/ProtInstall

Note that you will need the Windows WDK to build ProtInstall.

For people building out of SVN we recommend using the Vista SDK and WDK.

ProtInstall is a 3rd party package under a BSD license and can be found
here:

http://www.ndis.com/papers/ndisinstall/programinstall.htm

- Terry

2008	Jan	Feb	Mar	Apr (1)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2009	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep (2)	Oct	Nov	Dec
2010	Jan	Feb	Mar	Apr	May	Jun (2)	Jul (12)	Aug (1)	Sep	Oct (1)	Nov	Dec
2011	Jan	Feb (1)	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2020	Jan	Feb	Mar	Apr	May (2)	Jun	Jul	Aug	Sep	Oct	Nov	Dec

open1x-developers Mailing List for Open1X

open1x-developers — A list for developers to discuss problems and ideas.