Bug 654597 – make 802.1X property "subject_match" a configurable option

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 654597 - make 802.1X property "subject_match" a configurable option


Summary:	make 802.1X property "subject_match" a configurable option


Status:	RESOLVED DUPLICATE of bug 341323

Product:	NetworkManager
Classification:	Platform
Component:	general
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal enhancement
Target Milestone:	---
Assigned To:	Dan Williams
QA Contact:	Dan Williams

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-07-14 09:51 UTC by Stefan Winter
Modified:	2011-07-15 05:58 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Stefan Winter 2011-07-14 09:51:52 UTC

Hello,

it looks like 0.8 and the upcoming 0.9 don't allow to specify the "subject_match" parameter for WPAx-Enterprise connections. In the wpa_supplicant backend, this parameter exists and can be used just fine (see its man page).

Being able to specify the exact expected server name is an important security property if *not* using self-signed certificates or private CAs.

I'm an R&D engineer in a major 802.1X-based roaming consortium (www.eduroam.org); the lack of the subject_match feature has always been a bit of a grief for us. We are serving several million end customers; it is a bit bad publicity to tell the Linux users among them that they either have to use a plain wpa_supplicant.conf file or be somewhat insecure.

Comment 1 Stefan Winter 2011-07-15 05:58:04 UTC

I've just noted that my request is a ducplicate of 341323 of 2009 ! It's sad that it still isn't live.

*** This bug has been marked as a duplicate of bug 341323 ***