Hello, it looks like 0.8 and the upcoming 0.9 don't allow to specify the "subject_match" parameter for WPAx-Enterprise connections. In the wpa_supplicant backend, this parameter exists and can be used just fine (see its man page). Being able to specify the exact expected server name is an important security property if *not* using self-signed certificates or private CAs. I'm an R&D engineer in a major 802.1X-based roaming consortium (www.eduroam.org) ; the lack of the subject_match feature has always been a bit of a grief for me. After reporting this as a feature request against KNetworkManager, I was told that I should bug the underlying NetworkManager list instead, so here I am :-) Would be nice if this could be changed in the future; maybe even for 0.9? Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
Attachment:
signature.asc
Description: OpenPGP digital signature