Query: auth server behaviour when presented with unknown user certs (EAP-TLS)

Jouni Malinen j
Fri Nov 28 02:44:33 PST 2008


On Fri, Nov 28, 2008 at 10:11:10AM +0800, Soh Kam Yung wrote:
> On Thu, Nov 27, 2008 at 9:31 PM, Jouni Malinen <j at w1.fi> wrote:
> > Ideally, this would be done by selecting the certificate based on which
> > certificate the server used and what the server asked for in
> > CertificateRequest.

> Could you provide some more details on how I can do this?

> How do I get wpa_supplicant to request for the user certificate via
> the control interface?

This is not yet supported, so changes will be needed in both the TLS
library wrapper and control interface. It would be useful to add a new
callback from the TLS code to provide information about the server
certificate and certificate request. This could then be used to
implement support for either selecting the correct client
key/certificate from a set of configured options or requesting the
key/certificate via the control interface if no matching certificate was
configured.
 
-- 
Jouni Malinen                                            PGP id EFC895FA
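
The selection step described in the reply above, as an added example that is not part of the original message and is not wpa_supplicant code: pick a configured client credential by matching its chain issuers against the CA names the server lists in CertificateRequest. The struct and function names and the sample DNs are hypothetical, and printable strings stand in for DER-encoded names.

```c
#include <stddef.h>
#include <string.h>

/* A distinguished name as raw bytes (DER-encoded in a real TLS stack). */
struct dn { const unsigned char *data; size_t len; };

/* Hypothetical configured credential: issuer DNs of its chain, leaf first. */
struct client_cred { const char *name; const struct dn *issuers; size_t num_issuers; };

static int dn_equal(const struct dn *a, const struct dn *b)
{
    return a->len == b->len && memcmp(a->data, b->data, a->len) == 0;
}

/* Return the index of the first credential whose chain is issued by a CA
 * named in CertificateRequest, or -1 if none matches (the caller would then
 * request a key/certificate over the control interface). An empty CA list
 * means the server names no issuer, so the first credential is offered. */
int select_client_cred(const struct client_cred *creds, size_t num_creds,
                       const struct dn *req_cas, size_t num_cas)
{
    size_t i, j, k;

    if (num_creds == 0)
        return -1;
    if (num_cas == 0)
        return 0;
    for (i = 0; i < num_creds; i++)
        for (j = 0; j < creds[i].num_issuers; j++)
            for (k = 0; k < num_cas; k++)
                if (dn_equal(&creds[i].issuers[j], &req_cas[k]))
                    return (int) i;
    return -1;
}

/* Constructed sample data, not taken from any real deployment. */
#define DN(s) { (const unsigned char *) (s), sizeof(s) - 1 }
static const struct dn corp_chain[] = { DN("CN=Corp Issuing CA"), DN("CN=Corp Root") };
static const struct dn lab_chain[] = { DN("CN=Lab CA") };
static const struct client_cred sample_creds[] = {
    { "corp", corp_chain, 2 },
    { "lab", lab_chain, 1 },
};

int main(void)
{
    const struct dn req[] = { DN("CN=Lab CA") };
    return select_client_cred(sample_creds, 2, req, 1) == 1 ? 0 : 1;
}
```

The -1 return is the "no matching certificate was configured" case from the reply, which is where a control interface request would be issued.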


