The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

> I think more people (included myself) could think that the general EAP
> settings Root CA will be used... I wonder if there are more
> organizations with such mistaken belief; could this be investigated
> easily by querying the database?
> 
> Additionally, does it make sense to issue a warning when you configure
> CAs in a profile without a Root CA?

The funny thing is: this is already an implemented feature; 1.0.3 had added:

- [FEATURE #1] introduce stricter CA check: EAP types are only marked as
               complete if at least one *root CA* was uploaded

And I think I know it usually works, because people have had their
(broken) setups checked, and got a complaint by the UI.

For a strange reason, in this case the check doesn't seem to have caught
this error condition. I've looked into the code, and yes, seems like
this particular condition (root CA is masked), is not caught by those
checks.

I'll expand the checks to also consider that an uploaded root CA may be
masked. This will be a 1.0.4 fix; possibly a hotfix if more people fall
into this.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature