projects / mech_eap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: be7963b) | patch
Add AAA server domain name suffix matching constraint
authorJouni Malinen <jouni@qca.qualcomm.com>
Mon, 7 Oct 2013 01:02:16 +0000 (18:02 -0700)
committerJouni Malinen <j@w1.fi>
Fri, 18 Oct 2013 10:34:26 +0000 (13:34 +0300)
commit01f809c7db3c2afcb3ed8c2af91f303a0cbee8a1
tree15aa87b886d0796dccdcb6c46c39bb7287ba9025tree | snapshot
parentbe7963b3c266ef79c0387908d1f2e97f31a5a140commit | diff
Add AAA server domain name suffix matching constraint

The new domain_suffix_match (and domain_suffix_match2 for Phase 2
EAP-TLS) can now be used to specify an additional constraint for the
server certificate domain name. If set, one of the dNSName values (or if
no dNSName is present, one of the commonName values) in the certificate
must have a suffix match with the specified value. Suffix match is done
based on full domain name labels, i.e., "example.com" matches
"test.example.com" but not "test-example.com".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
src/crypto/tls.h diff | blob | history
src/crypto/tls_openssl.c diff | blob | history
src/eap_peer/eap_config.h diff | blob | history
src/eap_peer/eap_tls_common.c diff | blob | history
wpa_supplicant/config.c diff | blob | history
wpa_supplicant/config_file.c diff | blob | history
Moonshot GSS-API mechanism