wrong time?

Jouni Malinen j
Thu May 15 08:35:20 PDT 2008

On Fri, May 09, 2008 at 12:01:46PM -0600, Jeff Sadowski wrote:

> In windows we are told to uncheck server validation. (I know this is
> unsafe but the network admin did not know how to set it up properly on
> our trapeze wireless system.) So it will never check the cert from any
> of the windows machines.

The behavior for server certificate validation is somewhat undefined if
ca_cert is not configured. It looks like the current behavior is that
the internal TLS implementation verifies the validity period even in
this case but OpenSSL-based TLS implementation does not. Since this
configuration is invalid from security view point, I don't see much need
in changing the current behavior. If ca_cert is set, both TLS
implementations would require the server certificate to be valid at the
time of the authentication.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list