[PATCH] hs20-ca: provide command-line args to setup.sh

Jouni Malinen j at w1.fi
Fri Mar 27 14:20:08 EDT 2015


On Fri, Mar 27, 2015 at 10:55:55AM -0700, Ben Greear wrote:
> What should the 'server-client.key' (and .pem, .csr) be used for?  In the end,
> I did not end up using them, but I used server.pem in several
> different places, which is probably not the best idea.

Unless you are doing negative testing on an OSU client implementation,
you would not use server-client.*.

> I wanted to do all of the common substitutions once at the top
> of the file so that I didn't have to have duplicated sed logic in
> each of the steps that messes with the .tmp file.
> 
> The copy to/from orig logic lets me re-run setup.sh and get
> repeatable results.
> 
> I can instead make a copy and always work from the copy instead
> so that it can be run in-place in the git repo if you prefer?

As long as you do not modify any of the files that are in the
repository, feel free to create copies as temporary files.

> > This looks like a bit of undesired flexibility. This certificate is required to
> > use "<company> Hotspot 2.0 Intermediate CA" format for the CN. If this
> > can be modified, the documentation should make it clear that changing
> > this to anything else will result in an invalid certificate.
> 
> So, maybe let users specify the <company> and keep the rest hard-coded as is?

That's probably the best option here. The client side is not really
required to verify this form, so there is not much value in changing the
postfix even for testing purposes.
 
-- 
Jouni Malinen                                            PGP id EFC895FA
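
The following sketch is an added illustration of the two points agreed in this thread; it is not part of the original message and is not code from hs20-ca's setup.sh. It takes only the company name from the user, keeps the "Hotspot 2.0 Intermediate CA" suffix fixed, and runs the substitution on a temporary copy so that files tracked in the repository are never modified. The names `ca_cn`, `render_conf` and the `@CN@` placeholder are assumptions.

```shell
#!/bin/sh
# Hypothetical helpers; none of these names come from setup.sh.

SUFFIX="Hotspot 2.0 Intermediate CA"   # fixed part of the CN, per the thread

# Build the intermediate CA CN from a user-supplied company name.
# Empty names are rejected, as are characters that would break the sed
# replacement below ('/', '&', '\') or an OpenSSL subject string.
ca_cn() {
    company=$1
    case $company in
        ""|*[!A-Za-z0-9._\ -]*) return 1 ;;
    esac
    printf '%s %s\n' "$company" "$SUFFIX"
}

# Substitute the CN into a private copy of a template. The template (a file
# tracked in the repository) is only read, so re-running gives the same
# result every time. Prints the path of the generated copy.
render_conf() {
    template=$1
    cn=$(ca_cn "$2") || return 1
    out=$(mktemp) || return 1
    sed "s/@CN@/$cn/g" "$template" > "$out" || { rm -f "$out"; return 1; }
    printf '%s\n' "$out"
}

# Example use (constructed file name):
#   conf=$(render_conf openssl.cnf.in "Example Corp") || exit 1
```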

