diff options
author | Jouni Malinen <j@w1.fi> | 2015-01-14 10:14:31 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2015-01-14 10:24:52 (GMT) |
commit | 483dd6a5e0069d0646505c26a5194eda15472858 (patch) | |
tree | 01d05439b22e050c2b1a145e90c975c385ebeac4 /wpa_supplicant/config.h | |
parent | dd5f9025841f3492b14e9898042c5cab1e270e9c (diff) | |
download | hostap-483dd6a5e0069d0646505c26a5194eda15472858.zip hostap-483dd6a5e0069d0646505c26a5194eda15472858.tar.gz hostap-483dd6a5e0069d0646505c26a5194eda15472858.tar.bz2 |
Include peer certificate always in EAP events
This makes it easier for upper layer applications to get information
regarding the server certificate without having to use a special
certificate probing connection. This provides both the SHA256 hash of
the certificate (to be used with ca_cert="hash://server/sha256/<hash>",
if desired) and the full DER encoded X.509 certificate so that upper
layer applications can parse and display the certificate easily or
extract fields from it for purposes like configuring an altsubject_match
or domain_suffix_match.
The old behavior can be configured by adding cert_in_cb=0 to
wpa_supplicant configuration file.
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/config.h')
-rw-r--r-- | wpa_supplicant/config.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h index dca17c2..be82c3c 100644 --- a/wpa_supplicant/config.h +++ b/wpa_supplicant/config.h @@ -31,6 +31,7 @@ #define DEFAULT_P2P_SEARCH_DELAY 500 #define DEFAULT_RAND_ADDR_LIFETIME 60 #define DEFAULT_KEY_MGMT_OFFLOAD 1 +#define DEFAULT_CERT_IN_CB 1 #include "config_ssid.h" #include "wps/wps.h" @@ -1119,6 +1120,14 @@ struct wpa_config { * Maximum number of mesh peering currently maintained by the STA. */ int max_peer_links; + + /** + * cert_in_cb - Whether to include a peer certificate dump in events + * + * This controls whether peer certificates for authentication server and + * its certificate chain are included in EAP peer certificate events. + */ + int cert_in_cb; }; |