wpa_supplicant and blobs

Branko Subasic branko.subasic at axis.com
Thu Sep 7 14:15:23 EDT 2006

On Thu, 2006-09-07 at 12:45 -0400, Bryan Kadzban wrote:
> On Thu, Sep 07, 2006 at 03:41:57PM +0200, Branko Subasic wrote:
> > I have made some changes in tls_openssl.c to allow certificate and
> > private key blobs in PEM format as well. These changes solve my
> > problem. 
> Would it be easier to just convert the cert and private key to DER
> format on another box (that has the openssl binary)?

Yes, definitively.

> # For the cert:
> openssl x509 -in certfile.pem -inform PEM -outform DER -out certfile.der

It's an application on an embedded platform. The OpenSSL apps are not
present, only the lib is. And the app must be able to handle PEM as
It means that I would have to write the code for the conversion myself.

> There should be some other openssl mini-utility that does the same
> conversion for private keys, but I can't find it.  The conversion itself
> should be as simple as base64-decoding the data after the first blank
> line in the PEM file and before the -----END RSA PRIVATE KEY-----
> trailer.
> Then use the certfile.der and decoded-base64-data files as blobs.

If the private key is encrypted, i.e. passphrase protected, then I would
have to decrypt it first.

One reason why I chose this approch is because most of this is already
done by the wpa_supplicant.

The other reason is that I think it would be nice if blobs are handled
analogous to files. When I first started developing I just assumed that
blobs were handled the same way as files, i.e. that it was OK to pass
certificates and keys to wpa_supplicant in PEM format as well. I think
that others may think so too. And by including these changes blobs would
be handled the same way.
Assuming that the changes themselves are OK, of course ;-)

Thanks for your reply.

More information about the HostAP mailing list