Doubts regarding HS 2.0R2 OSU SPP server and client

Sreenath S sreenath.mailing.lists at gmail.com
Thu Apr 10 08:12:42 EDT 2014


Hi Jouni,

In 'sql-example.txt' file, 'aaa_trust_root_cert_url' is set as
'https://<URL>/hs20/files/aaa-root-ca.pem'. During online-signup OSU client
will download and store the same certificate as base64 encoded. However if the
file is PEM encoded, then base64 encoding will corrupt the file. So the file
should be DER encoded. It is better to rename the file as 'aaa-root-ca.der'
to avoid the confusion. Please correct if I am missing the point.

After online signup how to make the downloaded credentials persistent?
Because in the reference OSU client during 'signup' command, credentials are
configured to supplicant using SET command and then INTERWORKING_SELECT command
is used to initiate connection. The subsequent connections to same production
AP doesn't need online-signup, as credentials are already available. The
question is where to keep the credentials persistent, in wpa_supplicant.conf
file or in downloaded MO file - pps.xml. If the credentials are kept in MO
file, then on what basis framework can pick the right MO and configure the
credentials to supplicant using "set_pps" command. Also after "set_pps" command
INTERWORKING_SELECT command should be issued explicitly to initiate the
connection. Any pointers/suggestion to handle this issue is highly appreciated.

Does OSU SPP server has any option to test user remediation, because it looks
like only machine remediation is supported?

Regards,
Sreenath


More information about the HostAP mailing list