LocutusOfBorg: It looks like you chose to change CONFIG_TLS from openssl to gnutls. I’m concerned that GnuTLS support in wpa_supplicant is not fully baked security-wise, given these comments:
src/crypto/tls_gnutls.c: /* TODO: gnutls_certificate_set_verify_flags(xcred, flags);
src/crypto/tls_gnutls.c- * to force peer validation(?) */
src/crypto/tls_gnutls.c: /* TODO: validate subject_match and altsubject_match */
LocutusOfBorg: It looks like you chose to change CONFIG_TLS from openssl to gnutls. I’m concerned that GnuTLS support in wpa_supplicant is not fully baked security-wise, given these comments:
src/crypto/ tls_gnutls. c: /* TODO: gnutls_ certificate_ set_verify_ flags(xcred, flags); tls_gnutls. c- * to force peer validation(?) */ tls_gnutls. c: /* TODO: validate subject_match and altsubject_match */
src/crypto/
src/crypto/