certificate issues in eapol_test
machv at cesnet.cz
Mon Jun 10 14:03:56 PDT 2019
i've recently been playing with eapol_test and server certificates. I've
discovered multiple cases when eapol_test outputs (option -o) something
incorrecly (at least in my opinion).
When using domain_match configuration option or when using CA
certificate against which server cert is validated (or both together),
it is possible that no server certificate is written despite being
displayed in eapol_test output. This happens when domain_match name does
not match server name or the CA cert does not match the server cert.
When using CA cert and the server cert matches it, the CA cert gets
copied to the output, so it looks like the server is sending the CA cert
There are also some cases when eapol_test writes a duplicit certificate
in the output, but i'm not sure when exactly this happens.
Also there is missing configuration in defconfig for ipv6 support for
eapol_test. To enable IPv6 support, i need to add: CONFIG_IPV6=y
tel: +420 234 680 206
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3710 bytes
Desc: S/MIME Cryptographic Signature
More information about the Hostap