[PATCH] hs20-ca: provide command-line args to setup.sh

Ben Greear greearb
Fri Mar 27 12:08:30 PDT 2015

Ok, I have the changes to the first patch done.

I'll wait on additional comments and then re-submit the series
unless you prefer me to send the updated 1/12 before you
review the rest.


On 03/27/2015 11:20 AM, Jouni Malinen wrote:
> On Fri, Mar 27, 2015 at 10:55:55AM -0700, Ben Greear wrote:
>> What should the 'server-client.key' (and .pem, .csr) be used for?  In the end,
>> I did not end up using them, but I used server.pem in several
>> different places, which is probably not the best idea.
> Unless you are doing negative testing on an OSU client implementation,
> you would not use server-client.*.
>> I wanted to do all of the common substitutions once at the top
>> of the file so that I didn't have to have duplicated sed logic in
>> each of the steps that messes with the .tmp file.
>> The copy to/from orig logic lets me re-run setup.sh and get
>> repeatable results.
>> I can instead make a copy and always work from the copy instead
>> so that it can be run in-place in the git repo if you prefer?
> As long as you do not modify any of the files that are in the
> repository, feel free to create copies as temporary files.
>>> This looks like a bit of undesired flexibility. This certificate is required to
>>> use "<company> Hotspot 2.0 Intermediate CA" format for the CN. If this
>>> can be modified, its documentation should make it clear that changing
>>> this to anything else will result in an invalid certificate.
>> So, maybe let users specify the <company> and keep the rest hard-coded as is?
> That's probably the best option here. The client side is not really
> required to verify this form, so there is not much value in changing the
> postfix even for testing purposes.

Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
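
The option settled on in the thread above (the user supplies only the company, the "Hotspot 2.0 Intermediate CA" suffix stays fixed, and only temporary copies are modified) could look like the sketch below. It is an added example, not code from the patch or from setup.sh; the function names, the `@CN@` placeholder and the sample template are assumptions.

```shell
#!/bin/sh
# Added example: function names and the @CN@ placeholder are hypothetical.

CN_SUFFIX="Hotspot 2.0 Intermediate CA"   # fixed part of the required CN format

# Build the intermediate CA CN from a user-supplied company name.
# Only letters, digits, space, '.', '_' and '-' are accepted, so the value
# cannot break the sed expression or the config line it is written into.
intermediate_cn() {
    company=$1
    rest=$(printf '%s' "$company" | tr -d 'A-Za-z0-9 ._-')
    if [ -z "$company" ] || [ -n "$rest" ]; then
        return 1
    fi
    printf '%s %s\n' "$company" "$CN_SUFFIX"
}

# Render a template into a temporary copy and print the copy's path.
# The template itself is only read, so files tracked in the repository
# stay unmodified and re-running gives the same result.
render_conf() {
    template=$1
    cn=$(intermediate_cn "$2") || return 1
    out=$(mktemp) || return 1
    sed "s/@CN@/$cn/g" "$template" > "$out" || { rm -f "$out"; return 1; }
    printf '%s\n' "$out"
}

# Constructed sample template, not the project's openssl configuration.
demo() {
    tmpl=$(mktemp) || return 1
    printf '%s\n' '[ req_distinguished_name ]' \
        'commonName_default = @CN@' > "$tmpl"
    conf=$(render_conf "$tmpl" "Example Corp") || return 1
    cat "$conf"
    rm -f "$conf" "$tmpl"
}

demo
```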
