让 wpa_supplicant 忽略服务器证书信任

让 wpa_supplicant 忽略服务器证书信任

如何让 wpa_supplicant 接受 PEAP MSCHAPv2 的任何服务器证书,而不必手动将公钥放入客户端配置中?

答案1

只需不要在 wpa_supplicant.conf 文件中包含ca_cert或标签/值对即可。ca_path

来自示例 wpa_supplicant.conf 文件。请注意第三句(重点是我的):

# ca_cert: File path to CA certificate file (PEM/DER). This file can have one # or more trusted CA certificates. If ca_cert and ca_path are not # included, server certificate will not be verified. This is insecure and # a trusted CA certificate should always be configured when using # EAP-TLS/TTLS/PEAP. Full path should be used since working directory may # change when wpa_supplicant is run in the background.

相关内容