[PATCH] hs20-ca: provide command-line args to setup.sh
Ben Greear
greearb at candelatech.com
Fri Mar 27 15:08:30 EDT 2015
Ok, I have the changes to the first patch done.
I'll wait on additional comments and then re-submit the series
unless you prefer me to send the updated 1/12 before you
review the rest.
Thanks,
Ben
On 03/27/2015 11:20 AM, Jouni Malinen wrote:
> On Fri, Mar 27, 2015 at 10:55:55AM -0700, Ben Greear wrote:
>> What should the 'server-client.key' (and .pem, .csr) be used for? In the end,
>> I did not end up using them..but I used server.pem in several
>> different places, which is probably not the best idea.
>
> Unless you are doing negative testing on an OSU client implementation,
> you would not use server-client.*.
>
>> I wanted to do all of the common substitutions once at the top
>> of the file so that I didn't have to have duplicated sed logic in
>> each of the steps that messes with the .tmp file.
>>
>> The copy to/from orig logic lets me re-run setup.sh and get
>> repeatable results.
>>
>> I can instead make a copy and always work from the copy instead
>> so that it can be run in-place in the git repo if you prefer?
>
> As long as you do not modify any of the files that are in the
> repository, feel free to create copies as temporary files.
>
>>> This looks a bit undesired flexibility.. This certificate is required to
>>> use "<company> Hotspot 2.0 Intermediate CA" format for the CN. If this
>>> can be modified, it documentation should make it clear that changing
>>> this to anything else will result in an invalid certificate.
>>
>> So, maybe let users specify the <company> and keep the rest hard-coded as is?
>
> That's probably the best option here. The client side is not really
> required to verify this form, so there is not much value in changing the
> postfix even for testing purposes.
>
>
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the HostAP
mailing list