Thu May 15 08:35:20 PDT 2008
On Fri, May 09, 2008 at 12:01:46PM -0600, Jeff Sadowski wrote:
> In Windows we are told to uncheck server validation. (I know this is
> unsafe but the network admin did not know how to set it up properly on
> our Trapeze wireless system.) So it will never check the cert from any
> of the Windows machines.
The behavior for server certificate validation is somewhat undefined if
ca_cert is not configured. It looks like the current behavior is that
the internal TLS implementation verifies the validity period even in
this case but the OpenSSL-based TLS implementation does not. Since this
configuration is invalid from a security viewpoint, I don't see much need
in changing the current behavior. If ca_cert is set, both TLS
implementations would require the server certificate to be valid at the
time of the authentication.
Jouni Malinen PGP id EFC895FA