dumping access point certificate from wpa_supplicant

Sam Mason sam at samason.uk
Fri Oct 22 02:23:25 PDT 2021

On Fri, 15 Oct 2021 at 22:15, Jouni Malinen <j at w1.fi> wrote:
> On Wed, Oct 06, 2021 at 11:31:50PM +0100, Sam Mason wrote:
> > I was hoping that validating the certificate might help
> > prevent PITM attacks, but I'm not even sure if that makes sense for
> > this protocol.
> wpa_supplicant sends out CTRL-EVENT-EAP-PEER-CERT events as control
> interface events during EAP authentication that uses TLS. Those message
> include a SHA256 hash of the certificate and full hexdump of the raw DER
> encoded certificate.

Thanks for that; my last session has finally timed out so I've used
this properly.

> > Google pointed me to https://superuser.com/a/853602/171763

I've added your response as an answer to the stackexchange question,
hopefully it points some other people in the right direction as well.



More information about the Hostap mailing list