wrong time?

Jeff Sadowski jeff.sadowski
Thu May 15 08:49:29 PDT 2008


So there is no way not to check using the internal TLS implementation?
like ca_cert=none or something?

The script I wrote works for me but it just sets the time to a valid
time for the
cert. I would need a better way of determining time to do it correctly.
I do remember someone hooking up a RTC to a gumstix before. But since our
cert is out of date it wouldn't work anyways.

On Thu, May 15, 2008 at 9:35 AM, Jouni Malinen <j at w1.fi> wrote:
> On Fri, May 09, 2008 at 12:01:46PM -0600, Jeff Sadowski wrote:
>
>> In windows we are told to uncheck server validation. (I know this is
>> unsafe but the network admin did not know how to set it up properly on
>> our trapeze wireless system.) So it will never check the cert from any
>> of the windows machines.
>
> The behavior for server certificate validation is somewhat undefined if
> ca_cert is not configured. It looks like the current behavior is that
> the internal TLS implementation verifies the validity period even in
> this case but OpenSSL-based TLS implementation does not. Since this
> configuration is invalid from security view point, I don't see much need
> in changing the current behavior. If ca_cert is set, both TLS
> implementations would require the server certificate to be valid at the
> time of the authentication.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>



More information about the Hostap mailing list