Based on discussions in the IETF EMU working group. Apparently there's a 13 year-old RFC which defines an OID to indicate that certificates can be used for EAPoL. I've attached minor patches which allow this in addition to the existing id-kp-serverAuth OID. I've updated the FreeRADIUS certificate generation scripts, too. They now allow and document the id-kp-eapOverLAN OID. This change will not affect any existing implementations. But it will make hostap / wpa_supplicant more flexible in the face of future standards work.
Attachment:
0001-Allow-server-certificates-to-use-id-kp-eapOverLAN-to.patch
Description: Binary data
_______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap