Are you sure of this?
Quite, as the person responsible to have eduroam operational at national level through two decades, it was like the first thing I tested (and I used to have a lab for testing out equipment that claimed to 802.1x support).
When doing 802.1x, the supplicant needs to validate the x509 certificate it receives from the radius server to establish the TLS connection over wpa+radius (over which the real authentication takes place, for example with EAP-PEAP, with MS-ChapV2), and in case of EAP-TLS, also the client certificate it sends to the server for authentication. From what I recall, enabling 802.1x support in old wpa_supplicant was a matter of having "configure" detect openssl includes when creating the Makefile. Was WirelessManager ever "linked" against AmiSSL?
EDIT: I just quickly checked the WirelessManager for 68k with vim (are the sources somewhere?), and it does indeed have a lot of strings in it related to EAP and certificate validation, but no reference to any ssl libraries.
On the one hand I've never tested 802.1x, but on the other I can't recall disabling it in WirelessManager. If it's complied in, maybe it will work with the right config file?
Sure, and yes, however... I suspect it predates AmiSSL v5? I would love to see 802.1x support added for both OS4 and OS3, so if you feel like digging deeper and add support, that would be superb!
So the Mac connects to the "central/upstream" router, but won't connect to the local travel router? What's the purpose of the travel router then if no connected clients are allowed to use the network?
Most wifi networks targeting random public users, such as hotel guests etc, are not using 802.1x and rely on PSK - I suspect the "travel router" also doesn't do 802.1x authentication and isn't connected to "upstream".
Without going into details, but such tiny "embedded" systems face several challenges when it comes to 802.1x and SSL/TLS, challenges for which work-arounds exists, but the most obvious solution is either just not support it, or to not do any validation and just accept whichever certificate is presented... which is not at all ideal. (imagine a system without RTC booting into 2015, and being presented certificate only valid from September 2024... for example)
@garyg You haven't confirmed if the travel router has Ethernet ports or its exact model, which may be useful in solving the problem :-)
He kinda did, I'm quite confident it is this one -
https://www.gl-inet.com/products/gl-sft1200/