pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM…

Description

pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM files

This commit updates the eapol code so that it writes the full
certificate chains for both the specified CA and the client certificate
to <iface>_ca.pem and <iface>_cert.pem, respectively.

The full CA chain is necessary for validating the incoming server
certificate when it is signed by an intermediate CA and the
intermediate CA cert is not included in the EAP-TLS ServerHello. In this
scenario, wpa_supplicant needs to have both the intermediate CA and the
root CA in its ca_file.

Similarly, the full client certificate chain is needed when the ISP
expects/requires that the client (wpa_supplicant) sends the client cert
+ the intermediate CA (or even + the root CA) as part of the EAP-TLS
ClientHello.

Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
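
The chain assembly the commit message describes, as an added example that is not VyOS code and not part of the commit. It assumes the third-party `cryptography` package and ECDSA keys; every function name and the sample certificates are hypothetical and constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_cert(cn, key, issuer_cn, issuer_key, is_ca):
    """Constructed sample data: a short-lived test certificate."""
    name = lambda c: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, c)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=1))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def issued_by(cert, issuer):
    """True if the names link up and issuer's key verifies cert (ECDSA keys only)."""
    if cert.issuer != issuer.subject:
        return False
    try:
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return False
    return True

def build_chain(cert, pool):
    """Return [cert, issuer, ..., root]; raise if an issuer is absent from pool."""
    chain = [cert]
    while not issued_by(chain[-1], chain[-1]):  # a self-signed root ends the walk
        parent = next((c for c in pool if c not in chain and issued_by(chain[-1], c)), None)
        if parent is None:
            raise LookupError("no issuer for " + chain[-1].subject.rfc4514_string())
        chain.append(parent)
    return chain

def to_pem(chain):
    return b"".join(c.public_bytes(serialization.Encoding.PEM) for c in chain)

def sample_pki():
    """Constructed three-level PKI: root CA -> intermediate CA -> client."""
    rk, ik, ck = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    root = make_cert("Example Root CA", rk, "Example Root CA", rk, True)
    inter = make_cert("Example Intermediate CA", ik, "Example Root CA", rk, True)
    client = make_cert("example-client", ck, "Example Intermediate CA", ik, False)
    return root, inter, client
```

Here `to_pem(build_chain(inter, pool))` corresponds to the content of `<iface>_ca.pem` and `to_pem(build_chain(client, pool))` to `<iface>_cert.pem`; a pool missing the intermediate raises instead of silently writing a partial chain.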

Details

Provenance
chenxiaolong Authored on Feb 16 2022, 10:46 PM
Parents
rVYOSONEX9e626ce7bad2: vyos.configverify: T4255: fix unexpected print of dictionary instead of key