<div class="gmail_quote">2009/11/18 Dan Williams <span dir="ltr">&lt;<a href="mailto:dcbw@redhat.com">dcbw@redhat.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">

<div class="im">Can you post your wpa_supplicant configuration?  Are you using TLS or</div>
TTLS?<br>
<br>
If you configure wpa_supplicant correctly, the provider&#39;s certificate is<br>
also checked.  That&#39;s the &quot;ca_cert&quot; option.  If the certificate that the<br>
provider sends is not signed by your trusted Certificate Authority then<br>
the connection is denied by wpa_supplicant.  If you do not specify the<br>
ca_cert option in the configuration, then your connection is insecure<br>
and could be hijacked.<br>
<br>
There&#39;s also the &quot;subject_match&quot; and &quot;altsubject_match&quot; configuration<br>
options, which can further increase security by ensuring that the<br>
provider&#39;s certificate matches a few basic criteria that you specify.<br><br></blockquote><div><br></div><div>Yes, here it is:</div><div><br></div><div>---&gt;0-----------------------------------</div><div>ctrl_interface=/var/run/wpa_supplicant</div>

<div>ctrl_interface_group=0</div><div>ap_scan=1</div><div>network={</div><div>ssid=&quot;internet&quot;</div><div>proto=WPA</div><div>key_mgmt=WPA-EAP</div><div>auth_alg=OPEN</div><div>pairwise=TKIP</div><div>eap=TLS</div>

<div>anonymous_identity=&quot;SOMEUNIQUEID&quot;</div><div>ca_cert=&quot;/etc/certificati/somefile.cer&quot;</div><div>private_key=&quot;/etc/certificati/somefile.p12&quot;</div><div>private_key_passwd=&quot;CERTPASSWD&quot;</div>

<div>phase2=&quot;auth=MSCHAPV2&quot;</div><div>} </div></div><br>-- <br>Sivieri Alessandro<br><a href="mailto:alessandro.sivieri@gmail.com">alessandro.sivieri@gmail.com</a><br><a href="http://www.chimera-bellerofonte.eu/">http://www.chimera-bellerofonte.eu/</a><br>

<a href="http://www.poul.org/">http://www.poul.org/</a><br>
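<div>A small check for the options discussed in the quoted message, as an added example that is not part of the original thread: it parses network blocks and flags EAP networks that lack ca_cert, or that set ca_cert without subject_match or altsubject_match. The sample configuration, SSIDs and paths are constructed, and the function names are hypothetical.</div>

```python
# Constructed sample (not the poster's file): three network blocks.
SAMPLE_CONF = '''
network={
    ssid="eap-no-ca"
    key_mgmt=WPA-EAP
    eap=TTLS
}
network={
    ssid="eap-ca-only"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/certs/example-ca.pem"
}
network={
    ssid="home-psk"
    key_mgmt=WPA-PSK
}
'''

def parse_networks(text):
    """Return one {option: value} dict per network={...} block."""
    networks, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.replace(" ", "") == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(text):
    """Return (ssid, finding) pairs for EAP networks with weak server checks."""
    findings = []
    for net in parse_networks(text):
        # Simplification: EAP means eap= is set or key_mgmt names EAP/802.1X.
        mgmt = net.get("key_mgmt", "")
        if "eap" not in net and "EAP" not in mgmt and "IEEE8021X" not in mgmt:
            continue
        ssid = net.get("ssid", "<no ssid>")
        if not net.get("ca_cert"):
            findings.append((ssid, "no ca_cert: server certificate not validated"))
        elif not (net.get("subject_match") or net.get("altsubject_match")):
            findings.append((ssid, "ca_cert only: any certificate from that CA passes"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

<div>To check a real file, pass its contents to audit() in place of SAMPLE_CONF.</div>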