The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Paul Dekkers <paul.dekkers AT surf.nl>]

Hi,

Op 01-10-2021 om 15:20 schreef Martin Pauly:
> Am 01.10.21 um 15:16 schrieb Paul Dekkers:
>> You seem to be using a private CA (in fact, there is no CA the entire
>> certificate is self signed). One issue is likely that you have no
>> subjectAltName DNS: entry with your hostname, and the geteduroam
>> installer expects that.
>
> this has been fixed (or rather, completed) in the beta version, right?
> Could we have it in the production version on play.google.com?

It will only fix it for Android 11 and up, so it won't solve it for 10
and lower.

So: we have a beta that works with "Suggestions", we also have a version
that uses "Actions" and creates a user network. This API was buggy in
the initial releases of Android 11 (crash buggy) but is better now,
apart from a UI bug that we need to iron out.

For at least that version with Suggestions we had very little feedback,
but we believe it works well; so maybe the little feedback is also good
news. But Suggestions work very odd on Samsungs. (You need to switch
WiFi off and on for it to connect; it's a modification from Samsung from
the stock Android.) The version with Actions works better, but has a UI
bug and is even more untested. So I guess we should maybe make this a
new beta, and fix the remaining UI bug. The summer vacation interfered
there ;-)

Regards,
Paul

P.S. I actually also think that using server certificates with proper
attributes isn't bad per se ;-)
And in the case of the report, not abuse a CA certificate for a server,
properly consider MitM risks.

There is one more caveat, currently there is a bug in iOS 15 that
affects the installation of a private CA. We hope that Apple fixes this
bug though.