Reject expired certificates

Norbert Wegener norbert.wegener
Wed Mar 18 10:04:38 PDT 2009 

Jouni Malinen schrieb:
> On Wed, Mar 18, 2009 at 05:12:58PM +0100, Norbert Wegener wrote:
>
>   
>> For testing eap/tls authenticatiopn in freeradius I use a  git  
>> version(around 2 month old) of eapol_test.
>> This works fine in general, but I found htat eapol_test accepts expired  
>> certificates that the radius server hands out.
>>     
>
> How did you configure eapol_test? If it is configured to validate the
> server certificate (i.e., ca_cert is set), it should reject expired
> certificates. If ca_cert is not set, the exact behavior depends on which
> TLS library you are using (if I remember correctly, OpenSSL ends up
> allowing the connection while the internal TLS implementation will
> reject the expired certificate).
>
>   
Ah, ca_cert had been missing in the config. That's it.
Thanks
Norbert Wegener



-- 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Norbert Wegener

Siemens IT Solutions and Services GmbH & Co. OHG
SIS GO NW PSU2
Kruppstra?e 16 
D-45128 Essen 

Phone     : +49 (0) 201 816-3116
Fax.      : +49 (0) 201 816-5581284
mailto:norbert.wegener at siemens.com


Siemens IT Solutions and ServicesGmbH & Co. OHG
Offene Handelsgesellschaft, Sitz der Gesellschaft: M?nchen; Registergericht: M?nchen, HRA 69235;
Gesch?ftsf?hrende Gesellschafterin: Siemens Business Services Beteiligungs-GmbH,  
Gesch?ftsf?hrer: Christoph Kollatz, Vorsitzender; J?rgen Frischmuth, Michael Schulz-Drost;

Sitz der Gesellschaft: M?nchen; Registergericht: M?nchen, HRB 50462; 
Weitere Gesellschafter: Siemens Business Services Investment GmbH & Co.  KG,
Sitz der Gesellschaft: M?nchen; Registergericht: M?nchen, HRA 86893; 
Pers?nlich haftende Gesellschafterin der Siemens Business Services Investment GmbH & Co. KG: 

Siemens Business Services Beteiligungs-GmbH, Gesch?ftsf?hrer: Christoph Kollatz, Vorsitzender; J?rgen Frischmuth, Michael Schulz-Drost; Sitz der Gesellschaft: M?nchen; Registergericht: M?nchen, HRB 50462 WEEE-Reg.Nr. DE 88294312


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20090318/080f47b9/attachment.htm

More information about the Hostap mailing list