[PATCH 01/12] hs20-ca: improve setup.sh and .conf for more flexibility.
Fri Mar 27 10:52:26 PDT 2015
On Thu, Mar 26, 2015 at 05:39:47PM -0400, greearb at candelatech.com wrote:
> This gives more flexibility when generating keys so
> that users do not have to edit files to generate their
> own specific keys.
> Update hs20 notes as well.
OK.. So this was a rebased version of the previous one I commented on.
Anyway, the same comments apply here.
> Signed-off-by: Ben Greear<greearb at candelatech.com>
Space before '<'.
> diff --git a/hs20/server/hs20-osu-server.txt b/hs20/server/hs20-osu-server.txt
> @@ -18,6 +18,10 @@ server validation steps. In other words, it may be most adapt the steps
> +There is a set of example files from a working configuration on
> +a Fedora 20 machine in the ./examples/Fedora20/ directory.
I'm unlikely to accept some of those files into hostap.git, so I would
suggest removing this note for now.
> @@ -128,6 +145,7 @@ EOF
> # Configure RADIUS authentication service
> # Note: Change the URL to match the setup
> # Note: Install AAA server key/certificate and root CA in Key directory
> +# NOTE: ca.pem is a copy of the hs20-server/ca/ca.pem file
There is no such requirement for non-OSEN case, so should not claim that
either. The OSU and AAA trust roots are almost always different in real
> +OSEN Radius configuration notes.
> +The OSEN RADIUS server config file should have the 'ocsp_stapling_response'
> +configuration in it. For example:
> +# hostapd-radius config for the radius used by the OSEN AP
Why driver=wired? driver=none is the one to use for RADIUS server only
These have nothing to do with RADIUS server configuration.
Would be good to have OSEN mentioned somewhere in the file name to make
this more obvious (there is going to be only a single entry in that
file for the specific OSEN user).
This should not be included for OSEN (i.e., it is used only with
Jouni Malinen PGP id EFC895FA
More information about the Hostap