
cat-users - Re: [[cat-users]] ConnMan on Linux

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Alexander Rath <alexander.rath AT posteo.net>, cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] ConnMan on Linux
  • Date: Fri, 11 Nov 2016 10:24:51 +0100
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

> [service_eduroam]
> Type=wifi
> Name=eduroam
> EAP=peap
> CACertFile=/var/lib/connman/eduroam_ff-ul.pem
> Phase2=MSCHAPV2
> AnonymousIdentity=anonymous AT ff.uni-lj.si
>
> As you can see, I also placed the *.pem file there, but actually I could
> choose any other file name and folder for the *.pem.

> There is also a man page describing the possible items of the *.config
> file:
>
> https://www.mankier.com/5/connman-service.config

There's a catch with ConnMan in its current version, apparently: it does
not allow pinning the expected server name - only the CA.

That's not proper security; we always looked down on Android 4.2
and lower because that was not possible. There are workarounds, like a
private CA which issues only one server certificate (or at least only
issues certificates to "eduroam club" servers) - and Slovenia implements
this workaround AFAIK. But it's not a tool that is fit for general use
at this point.

In the absence of someone who actually works on the product, we will
have to resort to submitting a feature request. As we've learned with
other products, the time to implement such requests "varies greatly" :-/

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
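
The gap described in the message above (a profile that pins the CA but not the server name), as an added audit example that is not part of the original post or of ConnMan. The two keys in `NAME_KEYS` are an assumption about later ConnMan releases, and the sample sections other than `service_eduroam` are constructed.

```python
import configparser

# Keys that would constrain the RADIUS server's certificate name. Assumption:
# these names are from later ConnMan releases; the version discussed has none.
NAME_KEYS = ("DomainSuffixMatch", "DomainMatch")

# Constructed sample: the profile quoted in the post plus two hypothetical ones.
SAMPLE = """\
[service_eduroam]
Type=wifi
Name=eduroam
EAP=peap
CACertFile=/var/lib/connman/eduroam_ff-ul.pem
Phase2=MSCHAPV2
AnonymousIdentity=anonymous AT ff.uni-lj.si

[service_no_ca]
Type=wifi
Name=example-no-ca
EAP=ttls
Phase2=PAP

[service_pinned]
Type=wifi
Name=example-pinned
EAP=peap
CACertFile=/etc/ssl/example-ca.pem
DomainSuffixMatch=radius.example.org
Phase2=MSCHAPV2
"""

def audit(text, name_keys=NAME_KEYS):
    """Return {section: [issue codes]} for every EAP service in a ConnMan config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case; configparser lowercases by default
    cp.read_string(text)
    findings = {}
    for section in cp.sections():
        svc = cp[section]
        if not section.startswith("service_") or "EAP" not in svc:
            continue  # not an EAP-protected service entry
        issues = []
        if not svc.get("CACertFile", "").strip():
            issues.append("no-ca")  # no trust anchor configured at all
        if not any(svc.get(k, "").strip() for k in name_keys):
            issues.append("no-server-name")  # CA pinned at best, name unchecked
        findings[section] = issues
    return findings

if __name__ == "__main__":
    for section, issues in audit(SAMPLE).items():
        print(section, "->", issues or "ok")
```

Calling `audit(text, name_keys=())` models the ConnMan version the message describes, where every profile is reported as `no-server-name`.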



