<div class="gmail_quote">2009/11/18 Dan Williams <span dir="ltr">&lt;<a href="mailto:dcbw@redhat.com">dcbw@redhat.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">Can you post your wpa_supplicant configuration? Are you using TLS or</div>
TTLS?<br>
<br>
If you configure wpa_supplicant correctly, the provider's certificate is<br>
also checked. That's the "ca_cert" option. If the certificate that the<br>
provider sends is not signed by your trusted Certificate Authority then<br>
the connection is denied by wpa_supplicant. If you do not specify the<br>
ca_cert option in the configuration, then your connection is insecure<br>
and could be hijacked.<br>
<br>
There's also the "subject_match" and "altsubject_match" configuration<br>
options, which can further increase security by ensuring that the<br>
provider's certificate matches a few basic criteria that you specify.<br><br></blockquote><div><br></div><div>Yes, here it is:</div><div><br></div><div>--->0-----------------------------------</div><div>ctrl_interface=/var/run/wpa_supplicant</div>
<div>ctrl_interface_group=0</div><div>ap_scan=1</div><div>network={</div><div>ssid="internet"</div><div>proto=WPA</div><div>key_mgmt=WPA-EAP</div><div>auth_alg=OPEN</div><div>pairwise=TKIP</div><div>eap=TLS</div>
<div>anonymous_identity="SOMEUNIQUEID"</div><div>ca_cert="/etc/certificati/somefile.cer"</div><div>private_key="/etc/certificati/somefile.p12"</div><div>private_key_passwd="CERTPASSWD"</div>
<div>phase2="auth=MSCHAPV2"</div><div>} </div></div><br>-- <br>Sivieri Alessandro<br><a href="mailto:alessandro.sivieri@gmail.com">alessandro.sivieri@gmail.com</a><br><a href="http://www.chimera-bellerofonte.eu/">http://www.chimera-bellerofonte.eu/</a><br>
<a href="http://www.poul.org/">http://www.poul.org/</a><br>
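The server-certificate checks described in the quoted reply can be verified mechanically. The following is an added example, not part of the original thread or of wpa_supplicant: a small audit script that parses `network={...}` blocks and reports EAP networks lacking `ca_cert`, or lacking `subject_match`/`altsubject_match`. The sample input is constructed (the first block mirrors the posted configuration, the second is invented), and the script only looks at the three options named in the thread.

```python
# Added example: audit wpa_supplicant network blocks for server-certificate checks.
# SAMPLE is constructed; the second network block is invented for illustration.
SAMPLE = '''\
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
network={
ssid="internet"
key_mgmt=WPA-EAP
eap=TLS
ca_cert="/etc/certificati/somefile.cer"
private_key="/etc/certificati/somefile.p12"
}
network={
ssid="constructed-no-ca"
key_mgmt=WPA-EAP
eap=TTLS
}
'''

def parse_networks(text):
    """Return one {option: value} dict per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('network={'):
            current = {}
        elif line == '}' and current is not None:
            networks.append(current)
            current = None
        elif current is not None and '=' in line:
            key, value = line.split('=', 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(text):
    """Return (ssid, severity, message) findings for 802.1X/EAP networks."""
    findings = []
    for net in parse_networks(text):
        if not any(m in net.get('key_mgmt', '') for m in ('WPA-EAP', 'IEEE8021X')):
            continue  # PSK/open networks do not authenticate a server certificate
        ssid = net.get('ssid', '?')
        if not net.get('ca_cert'):
            findings.append((ssid, 'error', 'no ca_cert: server certificate is not verified'))
        elif not (net.get('subject_match') or net.get('altsubject_match')):
            findings.append((ssid, 'warning', 'any certificate issued by this CA is accepted'))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE):
        print('%s: %s: %s' % finding)
```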