tests: Expired server certificate
authorJouni Malinen <j@w1.fi>
Sat, 15 Feb 2014 08:28:22 +0000 (10:28 +0200)
committerJouni Malinen <j@w1.fi>
Sat, 15 Feb 2014 08:28:22 +0000 (10:28 +0200)
Signed-off-by: Jouni Malinen <j@w1.fi>
tests/hwsim/auth_serv/server-expired.key [new file with mode: 0644]
tests/hwsim/auth_serv/server-expired.pem [new file with mode: 0644]
tests/hwsim/test_ap_eap.py

diff --git a/tests/hwsim/auth_serv/server-expired.key b/tests/hwsim/auth_serv/server-expired.key
new file mode 100644 (file)
index 0000000..882d645
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANA7a4aeP7QOYEhU
+Tcbci7lrddDkYPChQwuv+cR3aRGEUr6efXG0qoAf6+bAN95J9IVDrk1S8+swc67m
+GAQUj8JjMKQM6/XWy/SvHU/WOkN4FDLe5YilNL6rmqSj3muE43iTHBwpx/xrzGjX
+7sBd1z2RiIFWulQRnk7ogIPgbMrxAgMBAAECgYEArWSNSO+FRD2kVxY8HZeQkbm1
+xVgmkLj3x0elx79XMkrpS+lVs9UpFL+ABAmTe/pBLqcJAUJN8k3KRp066krk2QyQ
+uilRkugON0vBJzLse9HryXilx0aWEVl3xZBKu1E3G4mcCl2LoPaASCZtjQXd/XCd
+zdBR24qe123ofMpIo0ECQQDooUnHsruInBX9bRP11xXs7bI5298ZLCWHFAhGa/Tb
+KvVXkXnzPVYhRi2w0Leqb0lht/4GX9MB06xcHs5TLvltAkEA5SasURCjxXc7svGJ
+yP1s779DxYWoEBvGiRPygtyO40cnkOuupXKLaSkSuNUGag+6UxNzxGSUx9aiadse
+oxOJFQJAL6y2SSXZBxMt8oUDPTO6O5cvGmp0G12Px1IUrBH92VjBdRPMUUw1tZYD
+USRFL7mk6VDiz32d6dbukOaDVErhNQJASwnoAb/WMXLDHO0VtriudLAIbGVBTM0b
+rYXXs1yweeKyJTXYghtJZc1qcRZpPFAcLto+3cAmLG6vzsRPew2JpQJBAN8krD5c
+RYAGuXtslPkH7BWypJXI+K3brZkKBiyXVB/fbwnpXI1KTbzeBSly60JrjuymY9+X
+NKs5A4HSiCtQjSk=
+-----END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/server-expired.pem b/tests/hwsim/auth_serv/server-expired.pem
new file mode 100644 (file)
index 0000000..f279aae
--- /dev/null
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15624081837803162826 (0xd8d3e3a6cbe3ccca)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FI, O=w1.fi, CN=Root CA
+        Validity
+            Not Before: Jan  1 00:00:00 2014 GMT
+            Not After : Jan  2 00:00:00 2014 GMT
+        Subject: C=FI, O=w1.fi, CN=server4.w1.fi
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:d0:3b:6b:86:9e:3f:b4:0e:60:48:54:4d:c6:dc:
+                    8b:b9:6b:75:d0:e4:60:f0:a1:43:0b:af:f9:c4:77:
+                    69:11:84:52:be:9e:7d:71:b4:aa:80:1f:eb:e6:c0:
+                    37:de:49:f4:85:43:ae:4d:52:f3:eb:30:73:ae:e6:
+                    18:04:14:8f:c2:63:30:a4:0c:eb:f5:d6:cb:f4:af:
+                    1d:4f:d6:3a:43:78:14:32:de:e5:88:a5:34:be:ab:
+                    9a:a4:a3:de:6b:84:e3:78:93:1c:1c:29:c7:fc:6b:
+                    cc:68:d7:ee:c0:5d:d7:3d:91:88:81:56:ba:54:11:
+                    9e:4e:e8:80:83:e0:6c:ca:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                75:B0:65:1F:2F:A9:BE:D7:D0:EE:9D:42:8F:8B:13:5F:D0:AD:13:7B
+            X509v3 Authority Key Identifier: 
+                keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+
+            Authority Information Access: 
+                OCSP - URI:http://server.w1.fi:8888/
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+    Signature Algorithm: sha1WithRSAEncryption
+         12:e7:8a:e1:3d:d9:fd:36:ce:71:66:b3:74:48:c1:f0:38:75:
+         30:56:c7:2c:9c:0d:da:d0:68:19:47:a2:37:38:0d:db:4f:f9:
+         b9:cc:0d:25:b1:35:ed:df:19:8c:4b:bd:f0:08:11:13:4b:e9:
+         a7:d7:50:2e:fa:7a:16:e1:4f:0f:5a:b4:42:34:ff:43:08:5c:
+         3c:04:6a:f8:44:8d:f6:e5:a7:82:38:60:d0:5c:d1:59:f9:02:
+         84:7f:da:ae:6c:e9:55:c8:f5:0e:da:55:70:f3:77:48:30:1f:
+         ab:60:39:a1:77:49:29:e3:51:54:62:72:c7:78:ae:17:14:c5:
+         dd:2c
+-----BEGIN CERTIFICATE-----
+MIICfTCCAeagAwIBAgIJANjT46bL48zKMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNDAx
+MDEwMDAwMDBaFw0xNDAxMDIwMDAwMDBaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNC53MS5maTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEA0Dtrhp4/tA5gSFRNxtyLuWt10ORg8KFDC6/5xHdpEYRSvp59
+cbSqgB/r5sA33kn0hUOuTVLz6zBzruYYBBSPwmMwpAzr9dbL9K8dT9Y6Q3gUMt7l
+iKU0vquapKPea4TjeJMcHCnH/GvMaNfuwF3XPZGIgVa6VBGeTuiAg+BsyvECAwEA
+AaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR1sGUfL6m+19DunUKPixNf0K0T
+ezAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp
+MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADgYEAEueK4T3Z/TbOcWazdEjB
+8Dh1MFbHLJwN2tBoGUeiNzgN20/5ucwNJbE17d8ZjEu98AgRE0vpp9dQLvp6FuFP
+D1q0QjT/QwhcPARq+ESN9uWngjhg0FzRWfkChH/armzpVcj1DtpVcPN3SDAfq2A5
+oXdJKeNRVGJyx3iuFxTF3Sw=
+-----END CERTIFICATE-----
index 5131753..c10e6e5 100644 (file)
@@ -917,3 +917,35 @@ def test_ap_wpa2_eap_tls_domain_suffix_mismatch_cn(dev, apdev):
     ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
     if ev is None:
         raise Exception("Timeout on EAP failure report")
+
+def test_ap_wpa2_eap_ttls_expired_cert(dev, apdev):
+    """WPA2-Enterprise using EAP-TTLS and expired certificate"""
+    params = int_eap_server_params()
+    params["server_cert"] = "auth_serv/server-expired.pem"
+    params["private_key"] = "auth_serv/server-expired.key"
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
+                   identity="mschap user", password="password",
+                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
+                   wait_connect=False,
+                   scan_freq="2412")
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"])
+    if ev is None:
+        raise Exception("Timeout on EAP certificate error report")
+    if "reason=4" not in ev or "certificate has expired" not in ev:
+        raise Exception("Unexpected failure reason: " + ev)
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
+    if ev is None:
+        raise Exception("Timeout on EAP failure report")
+
+def test_ap_wpa2_eap_ttls_ignore_expired_cert(dev, apdev):
+    """WPA2-Enterprise using EAP-TTLS and ignore certificate expiration"""
+    params = int_eap_server_params()
+    params["server_cert"] = "auth_serv/server-expired.pem"
+    params["private_key"] = "auth_serv/server-expired.key"
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
+                   identity="mschap user", password="password",
+                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
+                   phase1="tls_disable_time_checks=1",
+                   scan_freq="2412")
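Review bot: The check `"reason=4" not in ev` in test_ap_wpa2_eap_ttls_expired_cert relies on an unexplained magic number; a comment such as `# reason=4 is TLS_FAIL_EXPIRED (enum tls_fail_reason)` would show which validation failure the test pins. The test also depends on the host clock being later than the fixture's Not After date (Jan 2 2014). On a test VM with an unset clock the supplicant would presumably report a not-yet-valid error instead, so the docstring should state that assumption. In test_ap_wpa2_eap_ttls_ignore_expired_cert, a comment like `# tls_disable_time_checks=1 skips only the validity-period check; ca_cert still requires a trusted chain (testing use only)` would make clear that the successful connection does not mean the server certificate went unvalidated.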