Andriod certificate validation behavior

[Brian Julin]

Alan DeKok wrote:
>   I'd suggest putting up a web page explaining how you can steal android
> credentials via a malicious AP.  If you can get it to do TTLS + PAP for
> a random certificate, that's good for a CERT issue.  And they'll pay
> attention to that.

The FreeRADIUS-WPE patches have been out since at least 2008, but
I guess having something that specifically shows an Android yielding
up credentials might be more provocative, yes.