DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Improve subject_match and domain_suffix_match documentation

Browse source 
These were already covered in both README-HS20 for credentials and in
header files for developers' documentation, but the copy in
wpa_supplicant.conf did not include all the details. In addition, add a
clearer note pointing at subject_match not being suitable for suffix
matching domain names; domain_suffix_match must be used for that.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-01-11 00:00:04 +02:00
parent 8a42a076aa
commit 394b54732e
2 changed files with 27 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/eap_peer/eap_config.h
View file

@ -186,6 +186,10 @@ struct eap_peer_config {
* string is in following format:
*
* /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@n.example.com
*
* Note: Since this is a substring match, this cannot be used securily
* to do a suffix match against a possible domain name in the CN entry.
* For such a use case, domain_suffix_match should be used instead.
*/
u8 *subject_match;