From: Ben Greear <greearb@candelatech.com>
To: Julian Calaby <julian.calaby@gmail.com>
Cc: linux-wireless <linux-wireless@vger.kernel.org>
Subject: Re: [PATCH 1/2] hs20-ca: Update key generation scripts and files.
Date: Mon, 23 Mar 2015 15:31:45 -0700
Message-ID: <55109451.5060403@candelatech.com>
In-Reply-To: <CAGRGNgV4vTofdxq5G-DwDHMACyd13QT74wSnAbwqxA=1SJkU_Q@mail.gmail.com>
On 03/23/2015 03:16 PM, Julian Calaby wrote:
> Hi Ben,
>
> On Tue, Mar 24, 2015 at 5:03 AM, <greearb@candelatech.com> wrote:
>> From: Ben Greear <greearb@candelatech.com>
>>
>> This lets us properly over-ride the default w1.fi
>> related strings in order to properly generate keys
>> that can be used by the OCSP process.
>>
>> Signed-off-by: Ben Greear <greearb@candelatech.com>
>> ---
>> hs20/server/ca/openssl.cnf | 12 ++++++------
>> hs20/server/ca/setup.sh | 42 ++++++++++++++++++++++++++++++------------
>> 2 files changed, 36 insertions(+), 18 deletions(-)
>>
>> diff --git a/hs20/server/ca/openssl.cnf b/hs20/server/ca/openssl.cnf
>> index e29e737..c614479 100644
>> --- a/hs20/server/ca/openssl.cnf
>> +++ b/hs20/server/ca/openssl.cnf
>> @@ -117,10 +117,10 @@ subjectKeyIdentifier=hash
>> authorityKeyIdentifier=keyid:always,issuer
>> basicConstraints = critical, CA:true, pathlen:0
>> keyUsage = critical, cRLSign, keyCertSign
>> -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/
>> +authorityInfoAccess = OCSP;URI:@OCSP_URI@
>> # For SP intermediate CA
>> #subjectAltName=critical,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:engExample OSU
>> -#nameConstraints=permitted;DNS:.w1.fi
>> +#nameConstraints=permitted;DNS:.@DOMAIN@
>> #1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
>>
>> [ v3_osu_server ]
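Review bot: the template tokens introduced here, @OCSP_URI@ in authorityInfoAccess and @DOMAIN@ in the commented nameConstraints line, are not documented anywhere in the visible lines of openssl.cnf, so a reader running openssl against this file directly has no hint that it must be substituted first. A short comment near these lines naming both tokens and what fills them in would help. It should also state that @DOMAIN@ is supplied without a leading dot, since the template already provides one in `DNS:.@DOMAIN@`.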
>> @@ -184,7 +184,7 @@ extendedKeyUsage = OCSPSigning
>> basicConstraints=CA:FALSE
>> subjectKeyIdentifier=hash
>> authorityKeyIdentifier=keyid,issuer
>> -authorityInfoAccess = OCSP;URI:http://osu.w1.fi:8888/
>> +authorityInfoAccess = OCSP;@OCSP_URI@
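Review bot: the added line in the section with extendedKeyUsage = OCSPSigning reads `authorityInfoAccess = OCSP;@OCSP_URI@`, which loses the `URI:` prefix that the removed line had and that the first hunk keeps. OpenSSL expects the access location after the semicolon to carry a name type such as `URI:`, so once the token is substituted this value will not parse as an OCSP responder location. It should be `authorityInfoAccess = OCSP;URI:@OCSP_URI@`, matching the first hunk.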
>
> Are you sure this change is correct? You drop the "URI:" part here but
> not above or below.

You are correct, this is a bug. I've fixed it locally,
but not posted a new patch yet. And, I'll post it to the hostapd
mailing list instead of linux-wireless next time since that seems more
appropriate.

Thanks for the review!

Ben

--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com