aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/wpa_supplicant.conf
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-12-22 22:28:13 (GMT)
committerJouni Malinen <j@w1.fi>2015-12-23 22:54:30 (GMT)
commitd6b536f7e576d06e91b0cd7669eb2b73954826f6 (patch)
treee3d3ea2ab5fdc226eb54e0698a4cba6f90c286af /wpa_supplicant/wpa_supplicant.conf
parent02683830b5a0b85b0d1594096060327f3c8a1e7d (diff)
downloadhostap-d6b536f7e576d06e91b0cd7669eb2b73954826f6.zip
hostap-d6b536f7e576d06e91b0cd7669eb2b73954826f6.tar.gz
hostap-d6b536f7e576d06e91b0cd7669eb2b73954826f6.tar.bz2
Add ocsp=3 configuration parameter for multi-OCSP
ocsp=3 extends ocsp=2 by require all not-trusted certificates in the server certificate chain to receive a good OCSP status. This requires support for ocsp_multi (RFC 6961). This commit is only adding the configuration value, but all the currently included TLS library wrappers are rejecting this as unsupported for now. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant/wpa_supplicant.conf')
-rw-r--r--wpa_supplicant/wpa_supplicant.conf4
1 files changed, 4 insertions, 0 deletions
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index d8c3849..e204061 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -586,6 +586,8 @@ fast_reauth=1
# 0 = do not use OCSP stapling (TLS certificate status extension)
# 1 = try to use OCSP stapling, but not require response
# 2 = require valid OCSP stapling response
+# 3 = require valid OCSP stapling response for all not-trusted
+# certificates in the server certificate chain
#
# sim_num: Identifier for which SIM to use in multi-SIM devices
#
@@ -1084,6 +1086,8 @@ fast_reauth=1
# 0 = do not use OCSP stapling (TLS certificate status extension)
# 1 = try to use OCSP stapling, but not require response
# 2 = require valid OCSP stapling response
+# 3 = require valid OCSP stapling response for all not-trusted
+# certificates in the server certificate chain
#
# openssl_ciphers: OpenSSL specific cipher configuration
# This can be used to override the global openssl_ciphers configuration