Query: auth server bahaviour when presented with unknown user certs (EAP-TLS)
Soh Kam Yung
Thu Dec 4 01:43:55 PST 2008
Thanks for the reply. For now, I will test by providing all know user
certificates to the authentication server until one succeeds or they
all fail. Hopefully, I won't encounter any paranoid servers that
block me after one failed user certificate.
On Fri, Nov 28, 2008 at 6:44 PM, Jouni Malinen <j at w1.fi> wrote:
> On Fri, Nov 28, 2008 at 10:11:10AM +0800, Soh Kam Yung wrote:
>> On Thu, Nov 27, 2008 at 9:31 PM, Jouni Malinen <j at w1.fi> wrote:
>> > Ideally, this would be done be selecting the certificate based on which
>> > certificate server used and what the server asked for in
>> > CertificateRequest..
>> Could you provide some more details on I can do this?
>> How do I get wpa_supplicant to request for the user certificate via
>> the control interface?
> This is not yet supported, so changes will be needed in both the TLS
> library wrapper and control interface. It would be useful to add a new
> callback from the TLS code to provide information about the server
> certificate and certificate request. This could then be used to
> implement support for either selecting the correct client
> key/certificate from a set of configured options or requesting the
> key/certificate via the control interface if no matching certificate was
> Jouni Malinen PGP id EFC895FA
Soh Kam Yung
my Google Reader Shared links:
my Google Reader Shared SFAS links:
More information about the Hostap