How options domain_suffix_match gets it value?

Tue Feb 20 09:23:20 PST 2018

Hello,

I have a question about how work this options
`domain_suffix_match`
https://w1.fi/cgit/hostap/tree/wpa_supplicant/README-HS20#n171

I am trying to create wifi profile (with Hotspot 2.0 support) file for
android device. Android used wap_supplicant code to connect to wifi.

There is sample of wifi profile
https://android.googlesource.com/platform/cts/+/820462adf196086b5c887cc9287f904decbb7203/tests/tests/net/assets/PerProviderSubscription.xml#309
 I not found in this sample or in Android sources, code that
explicitly sets a limit on Common Name field from radius server
certificate.

But I found the next code
https://w1.fi/cgit/hostap/tree/hs20/client/osu_client.c#n1178

```
static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
      xml_node_t *node)
{
    char *str = xml_node_get_text(ctx->xml, node);
    if (str == NULL)
        return;
    wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
    if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
        wpa_printf(MSG_INFO, "Failed to set cred domain");
    if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
        wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
    xml_node_get_text_free(ctx->xml, str);
}
```

If I understand this code correctly it take domain name from Home
service provider field/option and use it value for this options
`domain` and `domain_suffix_match`.

First options used to select the right WiFi network from available
list of networks.
The purpose of second options is to check radius server certificate
and allow connections only if Common name from this certificate
contains FQDN and suffix of it domain match with option value.

My question is: these both options used the one value from Home
service provider field?

--
Vladimir