path: root/wpa_supplicant/README-HS20
author Jouni Malinen <jouni@qca.qualcomm.com> 2013-10-07 01:14:51 (GMT)
committer Jouni Malinen <j@w1.fi> 2013-10-18 11:13:45 (GMT)
commit ac1bc549483ca2b95eb54ac67ba24a795b763d8f
tree a9cd48e54f6955e08867b0f25e6f21a8548ef6b1 /wpa_supplicant/README-HS20
parent 463c8ffbd5bf15dc5158d68fc32347cfb5746a83
Interworking: Add domain_suffix_match for credentials
This allows domain_suffix_match to be specified for a cred block and then get this copied for the network blocks generated from this credential as part of Interworking network selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant/README-HS20')
1 files changed, 15 insertions, 0 deletions
diff --git a/wpa_supplicant/README-HS20 b/wpa_supplicant/README-HS20
index 7a570bd..940c576 100644
--- a/wpa_supplicant/README-HS20
+++ b/wpa_supplicant/README-HS20
@@ -166,6 +166,20 @@ Credentials can be pre-configured for automatic network selection:
# milenage: Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN>
# format
+# domain_suffix_match: Constraint for server domain name
+# If set, this FQDN is used as a suffix match requirement for the AAA
+# server certificate in SubjectAltName dNSName element(s). If a
+# matching dNSName is found, this constraint is met. If no dNSName
+# values are present, this constraint is matched against SubjetName CN
+# using same suffix match comparison. Suffix match here means that the
+# host/domain name is compared one label at a time starting from the
+# top-level domain and all the labels in @domain_suffix_match shall be
+# included in the certificate. The certificate may include additional
+# sub-level labels in addition to the required labels.
+# For example, domain_suffix_match=example.com would match
+# test.example.com but would not match test-example.com.
# domain: Home service provider FQDN(s)
# This is used to compare against the Domain Name List to figure out
# whether the AP is operated by the Home SP. Multiple domain entries can
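Review bot: The added description has a typo in "SubjetName CN" (should be "SubjectName CN"), and "@domain_suffix_match" carries a stray "@" that reads like a leftover from a source-code comment; in this README it should be plain "domain_suffix_match". The text also covers only the "If set" case: consider adding a sentence on what is checked about the AAA server name when the field is left unset, since that is what a reader needs in order to see why setting it matters.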
@@ -205,6 +219,7 @@ Credentials can be pre-configured for automatic network selection:
# password="password"
# ca_cert="/etc/wpa_supplicant/ca.pem"
# domain="example.com"
+# domain_suffix_match="example.com"
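Review bot: The example line uses a quoted value, domain_suffix_match="example.com", while the description added earlier in this patch writes domain_suffix_match=example.com without quotes; use one form in both places so readers copy the syntax the configuration parser expects. Because the value is identical to the domain= line just above it, a short comment in the example noting that domain is compared against the Domain Name List while domain_suffix_match constrains the AAA server certificate would keep the two from being read as duplicates.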