adding subjecT_match to list of configurable options


it looks like 0.8 and the upcoming 0.9 don't allow to specify the
"subject_match" parameter for WPAx-Enterprise connections. In the
wpa_supplicant backend, this parameter exists and can be used just fine
(see its man page).

Being able to specify the exact expected server name is an important security property if *not* using self-signed certificates or private CAs.

I'm an R&D engineer in a major 802.1X-based roaming consortium ( ; the lack of the subject_match feature has always been a bit of a grief for me. After reporting this as a feature request against KNetworkManager, I was told that I should bug the underlying NetworkManager list instead, so here I am :-)

Would be nice if this could be changed in the future; maybe even for 0.9?


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]