Skip to content

manifest: hostap: Enable server certificate verification#98190

Merged
nashif merged 3 commits intozephyrproject-rtos:mainfrom
D-Triveni:enable_server_cert_verification
Nov 14, 2025
Merged

manifest: hostap: Enable server certificate verification#98190
nashif merged 3 commits intozephyrproject-rtos:mainfrom
D-Triveni:enable_server_cert_verification

Conversation

@D-Triveni
Copy link
Contributor

@D-Triveni D-Triveni commented Oct 24, 2025

Enable hostname validation for server certificate verification.

Fixes #88697

@github-actions
Copy link

github-actions bot commented Oct 24, 2025

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
hostap zephyrproject-rtos/hostap@cf05f33 zephyrproject-rtos/hostap@6086dea (main) zephyrproject-rtos/hostap@cf05f33f..6086dea5

All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@github-actions github-actions bot added manifest manifest-hostap DNM (manifest) This PR should not be merged (controlled by action-manifest) labels Oct 24, 2025
@zephyrbot zephyrbot added area: Wi-Fi Wi-Fi size: XS A PR changing only a single line of code labels Oct 24, 2025
@krish2718
Copy link
Contributor

I only see the revert, so, how would this feature work without any support to configure the cert details?

Copy link
Contributor

@krish2718 krish2718 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can also add domain_match to have a stricter subdomain check.

@MaochenWang1
Copy link
Contributor

Is domain_match a more suitable parameter for certificate verification than domain_suffix_match?

@krish2718
Copy link
Contributor

Is domain_match a more suitable parameter for certificate verification than domain_suffix_match?

#98190 (review) IMHO we can add both and leave it to the user how strict the check needs to be.

@D-Triveni D-Triveni force-pushed the enable_server_cert_verification branch from 559424b to e327970 Compare October 31, 2025 09:00
krish2718
krish2718 previously approved these changes Nov 3, 2025
@tomi-font tomi-font removed their request for review November 5, 2025 10:29
@D-Triveni D-Triveni force-pushed the enable_server_cert_verification branch from e327970 to e1d436b Compare November 6, 2025 10:30
krish2718
krish2718 previously approved these changes Nov 6, 2025
@krish2718 krish2718 added this to the v4.3.0 milestone Nov 6, 2025
@D-Triveni D-Triveni force-pushed the enable_server_cert_verification branch 2 times, most recently from d1d2c83 to c1de2df Compare November 7, 2025 07:52
@D-Triveni D-Triveni force-pushed the enable_server_cert_verification branch from c1de2df to 098d10a Compare November 7, 2025 09:43
@github-actions github-actions bot removed the DNM (manifest) This PR should not be merged (controlled by action-manifest) label Nov 7, 2025
jukkar
jukkar previously approved these changes Nov 7, 2025
Enable hostname validation for server certificate verification.

Signed-off-by: Triveni Danda <triveni.danda@nordicsemi.no>
Add support to handle domain match and suffix match parameters
for proper server certification validation.

Signed-off-by: Triveni Danda <triveni.danda@nordicsemi.no>
Add instructions for verifying the authentication server’s certificate
domain using exact domain match and domain suffix match options.

Signed-off-by: Triveni Danda <triveni.danda@nordicsemi.no>
@D-Triveni D-Triveni force-pushed the enable_server_cert_verification branch from 07b8496 to d59ef37 Compare November 10, 2025 10:05
@jhedberg
Copy link
Member

The referenced issue needs to be elevated to a release blocker for the 4.3 milestone to make sense. Is that's what's being proposed here? Can it be justified?

@krish2718
Copy link
Contributor

The referenced issue needs to be elevated to a release blocker for the 4.3 milestone to make sense. Is that's what's being proposed here? Can it be justified?

Not really, the fix was delayed, so, we missed this before RC1 as intended. I would say this is still a feature and can be skipped for 4.3.

@jhedberg jhedberg modified the milestones: v4.3.0, v4.4.0 Nov 11, 2025
@nashif nashif merged commit 0186d12 into zephyrproject-rtos:main Nov 14, 2025
38 of 40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

7 participants