On 03/23/2015 03:16 PM, Julian Calaby wrote: > Hi Ben, > > On Tue, Mar 24, 2015 at 5:03 AM, <greearb@xxxxxxxxxxxxxxx> wrote: >> From: Ben Greear <greearb@xxxxxxxxxxxxxxx> >> >> This lets us properly over-ride the default w1.fi >> related strings in order to properly generate keys >> that can be used by the OCSP process. >> >> Signed-off-by: Ben Greear <greearb@xxxxxxxxxxxxxxx> >> --- >> hs20/server/ca/openssl.cnf | 12 ++++++------ >> hs20/server/ca/setup.sh | 42 ++++++++++++++++++++++++++++++------------ >> 2 files changed, 36 insertions(+), 18 deletions(-) >> >> diff --git a/hs20/server/ca/openssl.cnf b/hs20/server/ca/openssl.cnf >> index e29e737..c614479 100644 >> --- a/hs20/server/ca/openssl.cnf >> +++ b/hs20/server/ca/openssl.cnf >> @@ -117,10 +117,10 @@ subjectKeyIdentifier=hash >> authorityKeyIdentifier=keyid:always,issuer >> basicConstraints = critical, CA:true, pathlen:0 >> keyUsage = critical, cRLSign, keyCertSign >> -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/ >> +authorityInfoAccess = OCSP;URI:@OCSP_URI@ >> # For SP intermediate CA >> #subjectAltName=critical,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:engExample OSU >> -#nameConstraints=permitted;DNS:.w1.fi >> +#nameConstraints=permitted;DNS:.@DOMAIN@ >> #1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn >> >> [ v3_osu_server ] 
>> @@ -184,7 +184,7 @@ extendedKeyUsage = OCSPSigning >> basicConstraints=CA:FALSE >> subjectKeyIdentifier=hash >> authorityKeyIdentifier=keyid,issuer >> -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/ >> +authorityInfoAccess = OCSP;@OCSP_URI@
>
> Are you sure this change is correct? You drop the "URI:" part here but
> not above or below.

You are correct, this is a bug. I've fixed it locally, but not posted a new patch yet.

And, I'll post it to the hostapd mailing list instead of linux-wireless next time since that seems more appropriate.

Thanks for the review!

Ben

--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc  http://www.candelatech.com
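Review bot: the `@OCSP_URI@` and `@DOMAIN@` placeholders introduced in the `@@ -117,10 +117,10 @@` hunk of hs20/server/ca/openssl.cnf are not documented in the visible lines, so a reader of the file cannot tell what fills them in or what form the values must take. A short comment at the first use would help: say which script performs the substitution (the diffstat shows hs20/server/ca/setup.sh changing in the same patch), that `@OCSP_URI@` must be a complete URL because it follows `URI:`, and that `@DOMAIN@` is given without a leading dot because the commented line `#nameConstraints=permitted;DNS:.@DOMAIN@` already supplies one.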
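Review bot: the added line `authorityInfoAccess = OCSP;@OCSP_URI@` in the `@@ -184,7 +184,7 @@` hunk loses the `URI:` prefix that the removed line carried and that the same substitution keeps in the `@@ -117,10 +117,10 @@` hunk. After substitution the value would no longer name the location type, and the two sections would expect the placeholder in different forms. Suggest `authorityInfoAccess = OCSP;URI:@OCSP_URI@` here so that one placeholder value works in both sections.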