Hi, I've recently been playing with eapol_test and server certificates. I've discovered multiple cases when eapol_test outputs (option -o) something incorrectly (at least in my opinion).
When using domain_match configuration option or when using CA certificate against which server cert is validated (or both together), it is possible that no server certificate is written despite being displayed in eapol_test output. This happens when domain_match name does not match server name or the CA cert does not match the server cert.
When using CA cert and the server cert matches it, the CA cert gets copied to the output, so it looks like the server is sending the CA cert itself.
There are also some cases when eapol_test writes a duplicate certificate in the output, but I'm not sure when exactly this happens.
Also there is missing configuration in defconfig for IPv6 support for eapol_test. To enable IPv6 support, I need to add: CONFIG_IPV6=y
cheers,
Vaclav

--
Václav Mach
tel: +420 234 680 206
CESNET, z.s.p.o.
www.cesnet.cz
_______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
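
A check for the three symptoms reported in the message above (no certificate written, the configured CA certificate appearing in the dump, duplicate entries), as an added example that is not part of the original message or of the hostap code. It assumes the file written by `-o` is a concatenation of PEM `CERTIFICATE` blocks; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
from collections import Counter

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Return the SHA-256 of each DER blob in a PEM bundle, in file order."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)]


def audit_dump(dump_pem, ca_pem=""):
    """Compare an `eapol_test -o` dump with the CA file named in ca_cert.

    Certificates are compared by DER fingerprint only, so no X.509 parsing
    (and no third-party library) is needed.
    """
    certs = fingerprints(dump_pem)
    ca = set(fingerprints(ca_pem))
    counts = Counter(certs)
    return {
        "count": len(certs),
        # Symptom 1: nothing written although a certificate was received.
        "empty": not certs,
        # Symptom 3: the same certificate written more than once.
        "duplicates": sorted(fp for fp, n in counts.items() if n > 1),
        # Symptom 2: positions in the dump that are byte-identical to a
        # certificate from the local CA file.
        "matches_ca": [i for i, fp in enumerate(certs) if fp in ca],
    }


def _pem(der):
    """Wrap raw bytes in PEM armor (used only to build the sample below)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed sample: placeholder bytes, not real certificates.
SERVER = _pem(b"constructed-server-cert-bytes")
CA = _pem(b"constructed-ca-cert-bytes")
SAMPLE_DUMP = SERVER + CA + SERVER

if __name__ == "__main__":
    print(audit_dump(SAMPLE_DUMP, CA))
```

A hit in `matches_ca` only shows that the bytes are identical to the local CA file; it cannot tell whether the server sent that certificate or the tool copied it in.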