On Mon, 2016-02-08 at 21:35 +0100, Christian Hesse wrote: > Christian Hesse <l...@eworm.de> on Mon, 2016/02/08 21:23: > > > Yes, it's come up recently on bugzilla.gnome.org too and it > > > should > > > likely get added > > > > Ah, nice. Do you have a link for the bug? I did not find it... > > And is anybody working on this? > > Uh, just found this one... > > https://bugzilla.gnome.org/show_bug.cgi?id=341323 > > So this is pending since nearly ten years?
No, the bug was originally about alt_subjectmatch functionality which was added years ago. It then got "repurposed" by some people to request the domain_suffix_match functionality which was first added to wpa_supplicant in version 2.1. After some back-and-forth with upstream supplicant about the exact semantics of domain_suffix_match, even that won't solve everyone's problems, but it's good enough for most people. Part of the lag here is that there shouldn't have to be 3+ different options for validating certificates, and people apparently cannot figure out a good single mechanism to do so. I think that would ideally be a list of allowed domains to match, but the supplicant doesn't implement that. So we're left with domain_suffix_match which will work for many people, but apparently not some large users (like MIT). Dan _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list