tests: private_key_passwd2 in hostapd configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
parent
09839cab75
commit
ce30a79a14
1 changed files with 43 additions and 0 deletions
|
@ -5807,6 +5807,49 @@ def test_ap_wpa2_eap_tls_rsa_and_ec(dev, apdev, params):
|
||||||
dev[1].request("REMOVE_NETWORK all")
|
dev[1].request("REMOVE_NETWORK all")
|
||||||
dev[1].wait_disconnected()
|
dev[1].wait_disconnected()
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_tls_ec_and_rsa(dev, apdev, params):
|
||||||
|
"""EAP-TLS and both EC and RSA sertificates certificates"""
|
||||||
|
ca = os.path.join(params['logdir'], "ap_wpa2_eap_tls_ec_and_rsa.ca.pem")
|
||||||
|
with open(ca, "w") as f:
|
||||||
|
with open("auth_serv/ca.pem", "r") as f2:
|
||||||
|
f.write(f2.read())
|
||||||
|
with open("auth_serv/ec-ca.pem", "r") as f2:
|
||||||
|
f.write(f2.read())
|
||||||
|
params = {"ssid": "test-wpa2-eap",
|
||||||
|
"wpa": "2",
|
||||||
|
"wpa_key_mgmt": "WPA-EAP",
|
||||||
|
"rsn_pairwise": "CCMP",
|
||||||
|
"ieee8021x": "1",
|
||||||
|
"eap_server": "1",
|
||||||
|
"eap_user_file": "auth_serv/eap_user.conf",
|
||||||
|
"ca_cert": ca,
|
||||||
|
"private_key2": "auth_serv/server-extra.pkcs12",
|
||||||
|
"private_key_passwd2": "whatever",
|
||||||
|
"server_cert": "auth_serv/ec-server.pem",
|
||||||
|
"private_key": "auth_serv/ec-server.key"}
|
||||||
|
hapd = hostapd.add_ap(apdev[0], params)
|
||||||
|
|
||||||
|
eap_connect(dev[0], hapd, "TLS", "tls user",
|
||||||
|
ca_cert="auth_serv/ec-ca.pem",
|
||||||
|
client_cert="auth_serv/ec-user.pem",
|
||||||
|
private_key="auth_serv/ec-user.key")
|
||||||
|
dev[0].request("REMOVE_NETWORK all")
|
||||||
|
dev[0].wait_disconnected()
|
||||||
|
|
||||||
|
# TODO: Make wpa_supplicant automatically filter out cipher suites that
|
||||||
|
# would require ECDH/ECDSA keys when those are not configured in the
|
||||||
|
# selected client certificate. And for no-client-cert case, deprioritize
|
||||||
|
# those cipher suites based on configured ca_cert value so that the most
|
||||||
|
# likely to work cipher suites are selected by the server. Only do these
|
||||||
|
# when an explicit openssl_ciphers parameter is not set.
|
||||||
|
eap_connect(dev[1], hapd, "TLS", "tls user",
|
||||||
|
openssl_ciphers="DEFAULT:-aECDH:-aECDSA",
|
||||||
|
ca_cert="auth_serv/ca.pem",
|
||||||
|
client_cert="auth_serv/user.pem",
|
||||||
|
private_key="auth_serv/user.key")
|
||||||
|
dev[1].request("REMOVE_NETWORK all")
|
||||||
|
dev[1].wait_disconnected()
|
||||||
|
|
||||||
def test_rsn_ie_proto_eap_sta(dev, apdev):
|
def test_rsn_ie_proto_eap_sta(dev, apdev):
|
||||||
"""RSN element protocol testing for EAP cases on STA side"""
|
"""RSN element protocol testing for EAP cases on STA side"""
|
||||||
bssid = apdev[0]['bssid']
|
bssid = apdev[0]['bssid']
|
||||||
|
|
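Review bot: The new test_ap_wpa2_eap_tls_ec_and_rsa only exercises the success path for `private_key_passwd2`, so it would not catch a regression where hostapd accepts a wrong passphrase for the second key; a negative case that configures an AP with a wrong `private_key_passwd2` and expects the configuration to be rejected would cover that. Neither `eap_connect` call checks which server certificate or cipher suite was negotiated, so the second (presumably RSA) key is verified only indirectly, through `openssl_ciphers="DEFAULT:-aECDH:-aECDSA"` on dev[1]. The docstring has a misspelled, duplicated word; `"""EAP-TLS and both EC and RSA certificates"""` is presumably what was meant. Rebinding the `params` argument to the hostapd configuration dict after the `logdir` lookup hides the test parameters for the rest of the function, and a separate local name would read more clearly.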