pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM files - vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)

diff options

author	Andrew Gunnerson <chillermillerlong@hotmail.com>	2022-02-16 17:46:06 -0500
committer	Andrew Gunnerson <chillermillerlong@hotmail.com>	2022-02-17 19:00:25 -0500
commit	3d1b34bf715e594aa4a013d409bfcc5a4c4ad99c (patch)
tree	9f8602dde6c4f7112e96f779d788a77a5d799852 /src/conf_mode/service_webproxy.py
parent	9e626ce7bad2bd846826822a3622fedf2d937e09 (diff)
download	vyos-1x-3d1b34bf715e594aa4a013d409bfcc5a4c4ad99c.tar.gz vyos-1x-3d1b34bf715e594aa4a013d409bfcc5a4c4ad99c.zip

pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM files

This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively. The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`. Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>

Diffstat (limited to 'src/conf_mode/service_webproxy.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: