diff options
| author | Jouni Malinen <j@w1.fi> | 2015-01-11 00:00:04 +0200 |
|---|---|---|
| committer | Amarnath Hullur Subramanyam <amarnath@codeaurora.org> | 2015-01-27 10:29:43 -0800 |
| commit | 684891d224a14a8e4b4ab75e535661f78701799c (patch) | |
| tree | a2c0f5b0cb5115857ac133aa70c42bc44638baf0 /src | |
| parent | 1c081245caf97def1581ab055d33fe2f6f8eff30 (diff) | |
| download | android_external_wpa_supplicant_8-684891d224a14a8e4b4ab75e535661f78701799c.tar.gz android_external_wpa_supplicant_8-684891d224a14a8e4b4ab75e535661f78701799c.tar.bz2 android_external_wpa_supplicant_8-684891d224a14a8e4b4ab75e535661f78701799c.zip | |
Improve subject_match and domain_suffix_match documentation
These were already covered in both README-HS20 for credentials and in
header files for developers' documentation, but the copy in
wpa_supplicant.conf did not include all the details. In addition, add a
clearer note pointing at subject_match not being suitable for suffix
matching domain names; domain_suffix_match must be used for that.
Signed-off-by: Jouni Malinen <j@w1.fi>
Git-repo: git://w1.fi/srv/git/hostap.git
Git-commit: 394b54732ec9586f96aa91423a2da55806b0adec
CRs-Fixed: 786617
Change-Id: I0b0b7e001bcc78a6a3a347b6c23ba38d76a78c58
Diffstat (limited to 'src')
| -rw-r--r-- | src/eap_peer/eap_config.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h index 2591e113..76aec10b 100644 --- a/src/eap_peer/eap_config.h +++ b/src/eap_peer/eap_config.h @@ -186,6 +186,10 @@ struct eap_peer_config { * string is in following format: * * /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@n.example.com + * + * Note: Since this is a substring match, this cannot be used securily + * to do a suffix match against a possible domain name in the CN entry. + * For such a use case, domain_suffix_match should be used instead. */ u8 *subject_match; |