Add RSA public key (in an X.509v3 certificate) and private key for IMSI
privacy. These were generated with
openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 7500 \
-keyout imsi-privacy-key.pem -out imsi-privacy-cert.pem
Test the case where wpa_supplicant side RSA-OAEP operation for IMSI
privacy is done in an external component while the hostapd (EAP server)
processing of the encrypted identity is internal.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed with the modified hostapd implementation to fix the
ap_hs20_terms_and_conditions* test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
For testing purposes, enable TLS v1.3 in the authentication server so
that the protocol version can be controlled from wpa_supplicant side
more easily.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to post-process frame capture files if frames need
to be decrypted in test cases that do not configure wlantest with the
PMK directly (i.e., mainly the cases when a RADIUS server is used).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
GnuTLS has a hardcoded three day limit on OCSP response age regardless
of the next update value in the response. To make this work in the test
scripts, try to generate a new response when starting the authentication
server. The old mechanism of a response without next update value is
used as a backup option if openssl is not available or fails to generate
the response for some reason.
Signed-off-by: Jouni Malinen <j@w1.fi>
Enable hostapd control interface for the RADIUS server instance and
verify that the RADIUS server MIB counters are incremented.
Signed-off-by: Jouni Malinen <j@w1.fi>
