# -*- text -*-
##
##  Configuration for EAP types for various clients
##

# EAP-TTLS and EAP-PEAP
eap {
    tls-config tls-common {
        private_key_file = ${certdir}/trusted_server.key
        # For Win7 full certs chain in one file.
        certificate_file = ${certdir}/trusted_server_chain.crt
        # should send full chain of 4 crt hardcoded at one file _chain.crt
        auto_chain = no

        $INCLUDE ../eap-tls-base.conf
    }

    $INCLUDE ../eap-base.conf
}

# EAP-TTLS and EAP-PEAP for Ubiquity and Apple devices
eap eap-ubi {
    tls-config tls-common {
        private_key_file = ${certdir}/trusted_server.key
        certificate_file = ${certdir}/trusted_server.crt
        # should send top trusted_server.crt only
        auto_chain = no

        $INCLUDE ../eap-tls-base.conf
    }

    $INCLUDE ../eap-base.conf
}

# EAP-TLS
eap eap-tls {

    tls-config tls-common {
        private_key_password = ${tls_key_password}
        private_key_file = ${certdir}/server.key
        certificate_file = ${certdir}/server.crt
        # should send auto-chained self-signed eltex-ca crt and eltex-tls server crt
        auto_chain = yes

        $INCLUDE ../eap-tls-base.conf
    }

    tls {
        tls = tls-common
    }

    $INCLUDE ../eap-base.conf
}
