Re: How to enable only EAP-TTLS type and not EAP-TLS?



Hi,

>   I don't recall seeing that, to be honest.  wpa_supplicant doesn't have
> that, and Windows doesn't have it.  They both have a "validate server
> certificate" checkbox, but that only checks the CA chain, NOT the CN.

Oh, it exists. It's called subject_match within a network { } stanza of 
wpa_supplicant, and all the Windows supplicants I've seen so far allow you 
to set your expectations on the server name. It's turned off by default though.

We use and advertise this extensively in eduroam.

Greetings,

Stefan

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter@restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473
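
Added example, not part of the original message or of wpa_supplicant: a small Python check that flags EAP network blocks in a wpa_supplicant configuration which trust a CA but set no server-name constraint such as subject_match. The sample configuration, SSIDs, paths and server name are constructed placeholders, and the `audit` helper is hypothetical.

```python
import re

# wpa_supplicant network fields that constrain the server certificate's name.
# subject_match is the one named in the message above; the others are further
# wpa_supplicant fields serving the same purpose.
NAME_CHECKS = {"subject_match", "altsubject_match", "domain_suffix_match", "domain_match"}

# Constructed sample configuration (placeholder SSIDs, paths and server name).
SAMPLE_CONF = '''
network={
    ssid="example-weak"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_cert="/etc/ssl/certs/example-ca.pem"
    phase2="auth=PAP"
}
network={
    ssid="example-pinned"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_cert="/etc/ssl/certs/example-ca.pem"
    subject_match="/CN=radius.example.org"
    phase2="auth=PAP"
}
'''

def audit(conf_text):
    """Return {ssid: [findings]} for every EAP network block in conf_text."""
    report = {}
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\}", conf_text, re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        if "eap" not in fields:
            continue  # not an EAP network (e.g. PSK), nothing to check
        findings = []
        if "ca_cert" not in fields and "ca_path" not in fields:
            findings.append("no ca_cert/ca_path: server certificate is not verified")
        if NAME_CHECKS.isdisjoint(fields):
            findings.append("no name check: any server with a cert from the CA is accepted")
        report[fields.get("ssid", "<no ssid>")] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_CONF).items():
        print(ssid, "->", findings or "ok")
```
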
