Bug?: Server certificate expiration is not verified when no CA certificate is provided

Alejandro Pérez Méndez alex at um.es
Mon Jun 18 00:25:16 PDT 2018


Hi,

I've realised that, when using EAP TTLS with no configured CA 
certificate, the server certificate expiration date is not checked at 
all. Hence, wpa_supplicant silently swallows an expired certificate 
without any complaint at all. Is this behaviour intentional or is it a 
bug? I can see scenarios where you don't want to configure a CA 
certificate but still would like WPA supplicant not to accept expired 
certificates.

Regards,
Alejandro


