Query: auth server bahaviour when presented with unknown user certs (EAP-TLS)

Soh Kam Yung sohkamyung
Thu Dec 4 01:43:55 PST 2008


Thanks for the reply.  For now, I will test by providing all know user
certificates to the authentication server until one succeeds or they
all fail.  Hopefully, I won't encounter any paranoid servers that
block me after one failed user certificate.

Kam Yung

On Fri, Nov 28, 2008 at 6:44 PM, Jouni Malinen <j at w1.fi> wrote:
> On Fri, Nov 28, 2008 at 10:11:10AM +0800, Soh Kam Yung wrote:
>> On Thu, Nov 27, 2008 at 9:31 PM, Jouni Malinen <j at w1.fi> wrote:
>> > Ideally, this would be done be selecting the certificate based on which
>> > certificate server used and what the server asked for in
>> > CertificateRequest..
>> Could you provide some more details on I can do this?
>> How do I get wpa_supplicant to request for the user certificate via
>> the control interface?
> This is not yet supported, so changes will be needed in both the TLS
> library wrapper and control interface. It would be useful to add a new
> callback from the TLS code to provide information about the server
> certificate and certificate request. This could then be used to
> implement support for either selecting the correct client
> key/certificate from a set of configured options or requesting the
> key/certificate via the control interface if no matching certificate was
> configured.
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
Soh Kam Yung
my Google Reader Shared links:
my Google Reader Shared SFAS links:

More information about the Hostap mailing list