Query: auth server behaviour when presented with unknown user certs (EAP-TLS)

Soh Kam Yung sohkamyung
Thu Dec 4 01:43:55 PST 2008


Jouni,

Thanks for the reply.  For now, I will test by providing all known user
certificates to the authentication server until one succeeds or they
all fail.  Hopefully, I won't encounter any paranoid servers that
block me after one failed user certificate.

Regards,
Kam Yung

On Fri, Nov 28, 2008 at 6:44 PM, Jouni Malinen <j at w1.fi> wrote:
> On Fri, Nov 28, 2008 at 10:11:10AM +0800, Soh Kam Yung wrote:
>> On Thu, Nov 27, 2008 at 9:31 PM, Jouni Malinen <j at w1.fi> wrote:
>> > Ideally, this would be done by selecting the certificate based on which
>> > certificate server used and what the server asked for in
>> > CertificateRequest.
>
>> Could you provide some more details on how I can do this?
>
>> How do I get wpa_supplicant to request for the user certificate via
>> the control interface?
>
> This is not yet supported, so changes will be needed in both the TLS
> library wrapper and control interface. It would be useful to add a new
> callback from the TLS code to provide information about the server
> certificate and certificate request. This could then be used to
> implement support for either selecting the correct client
> key/certificate from a set of configured options or requesting the
> key/certificate via the control interface if no matching certificate was
> configured.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
-- 
Soh Kam Yung
my Google Reader Shared links:
(http://www.google.com/reader/shared/16851815156817689753)
my Google Reader Shared SFAS links:
(http://www.google.com/reader/shared/user/16851815156817689753/label/sfas)
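
The selection described in the quoted reply (choosing the client certificate from what the server asks for in CertificateRequest, rather than offering each certificate in turn) can be sketched as below. This is an added example, not wpa_supplicant code and not part of the thread; `select_client_cert`, `struct client_cert` and the sample bytes are hypothetical, and it assumes the TLS 1.0/1.1 message layout (TLS 1.2 inserts supported_signature_algorithms before the CA list) and exact DER matching against each certificate's direct issuer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { SEL_NONE = -1, SEL_NO_HINT = -2, SEL_MALFORMED = -3 };
/* Hypothetical candidate: a label plus the certificate's issuer Name (DER). */
struct client_cert { const char *label; const uint8_t *issuer; size_t issuer_len; };
static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Parse a TLS 1.0/1.1 CertificateRequest body (uint8-length list of
 * certificate types, then a uint16-length list of uint16-length DNs) and
 * return the index of a candidate whose issuer the server listed. */
int select_client_cert(const uint8_t *body, size_t len,
                       const struct client_cert *c, size_t n)
{
    size_t pos, end, dn_len, i;
    int found = SEL_NONE;

    if (len < 1 || body[0] == 0 || (size_t)body[0] + 3 > len)
        return SEL_MALFORMED;
    pos = 1 + (size_t)body[0];              /* skip certificate_types */
    end = pos + 2 + be16(body + pos);       /* end of certificate_authorities */
    pos += 2;
    if (end != len) return SEL_MALFORMED;   /* truncated or trailing bytes */
    if (pos == end) return SEL_NO_HINT;     /* empty CA list: server gave no hint */
    while (pos < end) {                     /* walk and validate every DN */
        if (end - pos < 2) return SEL_MALFORMED;
        dn_len = be16(body + pos);
        pos += 2;
        if (dn_len == 0 || dn_len > end - pos) return SEL_MALFORMED;
        for (i = 0; found == SEL_NONE && i < n; i++)
            if (c[i].issuer_len == dn_len &&
                memcmp(c[i].issuer, body + pos, dn_len) == 0)
                found = (int)i;             /* first match in CA-list order */
        pos += dn_len;
    }
    return found;
}

/* Constructed sample data: DER Names "CN=A" and "CN=B"; the server lists CN=B. */
#define DN(ch) {0x30,0x0c,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x13,0x01,ch}
static const uint8_t DN_A[] = DN('A'), DN_B[] = DN('B');
static const struct client_cert CANDIDATES[] = {
    {"user-a", DN_A, sizeof(DN_A)}, {"user-b", DN_B, sizeof(DN_B)} };
static const uint8_t SAMPLE_REQ[] = {0x01,0x01, 0x00,0x10, 0x00,0x0e,
    0x30,0x0c,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x13,0x01,'B'};
static const uint8_t NO_HINT_REQ[] = {0x01,0x01, 0x00,0x00};

int main(void) { return select_client_cert(SAMPLE_REQ, sizeof(SAMPLE_REQ), CANDIDATES, 2) == 1 ? 0 : 1; }
```

A result of `SEL_NONE` or `SEL_NO_HINT` is the case where the client would have to ask for a certificate (for example over the control interface) instead of guessing.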
