Add server identity configuration for EAP server

The new server_id parameter in hostapd.conf can now be used to specify which identity is delivered to the EAP peer with EAP methods that support authenticated server identity. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-06 18:17:15 +03:00 · 2013-07-06 18:17:15 +03:00 · 67fe933d40
commit 67fe933d40
parent 06aeff5f8f
13 changed files with 46 additions and 0 deletions
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@ -2634,6 +2634,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 			bss->upc = os_strdup(pos);
 		} else if (os_strcmp(buf, "pbc_in_m1") == 0) {
 			bss->pbc_in_m1 = atoi(pos);
+		} else if (os_strcmp(buf, "server_id") == 0) {
+			os_free(bss->server_id);
+			bss->server_id = os_strdup(pos);
 #ifdef CONFIG_WPS_NFC
 		} else if (os_strcmp(buf, "wps_nfc_dev_pw_id") == 0) {
 			bss->wps_nfc_dev_pw_id = atoi(pos);
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@ -666,6 +666,11 @@ eap_server=0
 # Passphrase for private key
 #private_key_passwd=secret passphrase

+# Server identity
+# EAP methods that provide mechanism for authenticated server identity delivery
+# use this value. If not set, "hostapd" is used as a default.
+#server_id=server.example.com
+
 # Enable CRL verification.
 # Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
 # valid CRL signed by the CA is required to be included in the ca_cert file.