On Fri, 15 Oct 2021 at 22:15, Jouni Malinen <j@xxxxx> wrote: > On Wed, Oct 06, 2021 at 11:31:50PM +0100, Sam Mason wrote: > > I was hoping that validating the certificate might help > > prevent PITM attacks, but I'm not even sure if that makes sense for > > this protocol. > > wpa_supplicant sends out CTRL-EVENT-EAP-PEER-CERT events as control > interface events during EAP authentication that uses TLS. Those message > include a SHA256 hash of the certificate and full hexdump of the raw DER > encoded certificate. Thanks for that; my last session has finally timed out so I've used this properly. > > Google pointed me to https://superuser.com/a/853602/171763 I've added your response as an answer to the stackexchange question, hopefully it points some other people in the right direction as well. Thanks! Sam _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
