WPA2 Enterprise PEAP MSCHAPv2 connection problem

Jouni Malinen j at w1.fi
Wed Nov 18 04:13:15 EST 2009


On Tue, Nov 17, 2009 at 04:22:10PM -0800, Dan Williams wrote:

> Are ca_cert and ca_path really mutually exclusive?  The config file
> documentation (for 0.6.8 at least) for ca_path says:
> 
> "ca_cert may also be included in that case, but it is not required."

Well, this actually depends on couple of things.. First, ca_path is only
currently supported with OpenSSL, but there are even some differences
there based on what exactly is set in ca_cert. It looks like the current
implementation would not be using ca_path if ca_cert is set as a blob or
as Windows certificate store. However, it does get passed to OpenSSL in
case ca_cert is pointing to a certificate file (which was the case in
this particular example).

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list