zeroleo12345 · zeroleo12345 · Jan 2, 2026 · Jan 2, 2026 · Jan 2, 2026 · Jan 2, 2026
diff --git a/.env.x b/.env.x
diff --git a/.gitattributes b/.gitattributes
diff --git a/lib/libhostapd.so b/lib/libhostapd.so
diff --git a/tools/simulator/etc/README → tools/simulator/etc/README.md b/tools/simulator/etc/README → tools/simulator/etc/README.md
@@ -3,30 +3,64 @@
     vim /usr/local/ssl/openssl.cnf
 
 - MacOS
-    $ openssl version -a | grep OPENSSLDIR
-    OPENSSLDIR: "/private/etc/ssl"
-    $ sudo ln -s /usr/local/etc/openssl/openssl.cnf   /private/etc/ssl/openssl.cnf
-    $ vim /private/etc/ssl/openssl.cnf
+> LibreSSL 不是标准的 OpenSSL
+``` bash
+    alias openssl=/usr/bin/openssl
+    # alias openssl=/$HOMEBREW_PREFIX/bin/openssl
+    openssl version
+        LibreSSL 3.3.6
+    openssl version -a | grep OPENSSLDIR
+        OPENSSLDIR: "/private/etc/ssl"
+    # sudo ln -s /usr/local/etc/openssl/openssl.cnf   /private/etc/ssl/openssl.cnf
+    # vim /private/etc/ssl/openssl.cnf
 
     [ CA_default ]
     #dir     = ./demoCA      # TSA root directory
     dir     = ./     # TSA root directory
+```
+
+# 进入目录
+cd ~/github/radius_server_python/tools/simulator/etc/certs
+
 
 # 清理
 rm -rf  ./newcerts/  ./*.old  ./*.attr  index.txt  serial  dh  *.csr *.key *.cer *.p12
 
-# 生成dh文件
+
+# 创建 CA状态信息 数据文件: index.txt
+touch index.txt
+
+
+# 生成dh文件: dh
 openssl dhparam -out ./dh 2048
 
+cat ./dh
+
 # 报错则更换序列号: ERROR:Serial number 99 has already been issued
-touch index.txt && echo 01 > serial
+[ ! -f serial ] && echo 01 > serial
 
+cat ./serial
 
-# 生成CA根证书私钥(KEY)
-openssl genrsa -out ./ca.key 2048
+# 生成CA根证书私钥(KEY): radius.ca.key
+openssl genrsa -out ./radius.ca.key 2048
 
-# 生成CA根证书(CER). 提供CA根证书私钥
-openssl req -new -sha256 -x509 -days 3650 -key ./ca.key -out ./ca.cer -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=1000@gmail.com"
+cat ./radius.ca.key
+
+# 生成 radius.ca.cer
+openssl req -config ../openssl.macOS.cnf -new -sha256 -x509 -days 36500 -key ./radius.ca.key -out ./radius.ca.cer -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=10000@gmail.com"
+
+cat ./radius.ca.cer
+
+    # 生成CA根证书(CER). 提供CA根证书私钥
+    | 字段         | 含义    | 你填的值                                |
+    | ------------ | ------- | --------------------------------------- |
+    | C            | 国家    | CN (两位国家代码)                       |
+    | ST           | 省 / 州 | GuangDong                               |
+    | L            | 城市    | GuangZhou                               |
+    | O            | 组织    | zhuzaiyuan                              |
+    | OU           | 组织单位| zhuzaiyuan                              |
+    | CN           | 通用名  | WIFI                                    |
+    | emailAddress | 邮箱    | 10000@gmail.com                          |
     You are about to be asked to enter information that will be incorporated
     into your certificate request.
     What you are about to enter is what is called a Distinguished Name or a DN.
@@ -40,20 +74,29 @@ openssl req -new -sha256 -x509 -days 3650 -key ./ca.key -out ./ca.cer -subj "/C=
     Organization Name (eg, company) [Internet Widgits Pty Ltd]:zhuzaiyuan
     Organizational Unit Name (eg, section) []:zhuzaiyuan
     Common Name (e.g. server FQDN or YOUR name) []:WIFI
-    Email Address []:1000@gmail.com
+    Email Address []:10000@gmail.com
+
+
+# 生成服务端私钥(KEY-加密格式的), 并使用des3加密: radius.server.key
+openssl genrsa  -des3 -passout pass:123456  -out ./radius.server.key 2048
 
+cat ./radius.server.key
 
-# 生成服务端私钥(KEY), 并使用des3加密
-openssl genrsa  -des3 -passout pass:123456  -out ./server.key 2048
     Generating RSA private key, 2048 bit long modulus
     ...............................................+++
     ..............................................+++
     e is 65537 (0x10001)
     Enter pass phrase for server.key:123456
     Verifying - Enter pass phrase for server.key:123456
 
-# 生成服务端证书签名请求(CSR). 提供服务端私钥
-openssl req -new -sha256 -days 3650 -key ./server.key  -passin pass:123456 -out ./server.csr -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=1000@gmail.com"
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+-----END ENCRYPTED PRIVATE KEY-----
+
+# 生成服务端证书签名请求(CSR). 提供服务端私钥: radius.server.csr
+openssl req -config ../openssl.macOS.cnf -new -sha256 -key ./radius.server.key  -passin pass:123456 -out ./radius.server.csr -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=10000@gmail.com"
+
+cat ./radius.server.csr
+
     You are about to be asked to enter information that will be incorporated
     into your certificate request.
     What you are about to enter is what is called a Distinguished Name or a DN.
@@ -67,17 +110,25 @@ openssl req -new -sha256 -days 3650 -key ./server.key  -passin pass:123456 -out
     Organization Name (eg, company) [Internet Widgits Pty Ltd]:zhuzaiyuan
     Organizational Unit Name (eg, section) []:zhuzaiyuan
     Common Name (e.g. server FQDN or YOUR name) []:WIFI
-    Email Address []:1000@gmail.com
+    Email Address []:10000@gmail.com
 
     Please enter the following 'extra' attributes
     to be sent with your certificate request
     A challenge password []:123456
     An optional company name []:WIFI
 
 
-# 生成服务端证书(CER). 提供CA根证书私钥、CA根证书、服务端证书签名请求
+# 确认必要文件已存在
+ls -al index.txt serial
+
+
+# 生成服务端证书(CER). 提供CA根证书私钥、CA根证书、服务端证书签名请求: server.cer
+> 可以指定 -notext 不生成 Certificate Details: 文本
 mkdir newcerts
-openssl ca -md sha256 -days 3650 -keyfile ./ca.key -cert ./ca.cer -in ./server.csr -out ./server.cer
+openssl ca -config ../openssl.macOS.cnf -md sha256 -days 36500 -keyfile ./radius.ca.key -cert ./radius.ca.cer -in ./radius.server.csr -out ./radius.server.cer
+
+cat radius.server.cer
+
     Using configuration from /usr/local/ssl/openssl.cnf
     Check that the request matches the signature
     Signature ok
@@ -110,52 +161,45 @@ openssl ca -md sha256 -days 3650 -keyfile ./ca.key -cert ./ca.cer -in ./server.c
     Data Base Updated
 
 
-# 合成p12证书文件(暂不用.p12证书)
-openssl pkcs12 -export -out certificate.p12 -inkey server.key -in server.cer
+# 合成p12证书文件(AC侧需要使用.p12证书): radius.certificate.p12
+openssl pkcs12 -export -out radius.certificate.p12 -inkey ./radius.server.key -in ./radius.server.cer
+
+    Enter pass phrase for server.key: 123456
+    Enter Export Password: 123456
+    Verifying - Enter Export Password: 123456
 
 
 # 查看公钥CER过期时间
-openssl x509 -noout -dates -in server.cer
+openssl x509 -noout -dates -in ./radius.server.cer
+
 
 # 验证私钥KEY密码
-openssl rsa -check -in server.key
+openssl rsa -check -in ./radius.server.key
+
+    Enter pass phrase for server.key: 123456
+
 
+## hostapd 不需要用到 client 证书, 用于 mTLS !!!!
+# 生成客户端私钥: client.key
+openssl genrsa -des3 -out ./radius.client.key 2048
 
-## hostapd 不需要用到 client 证书 !!!!
-# 生成客户端私钥
-openssl genrsa -des3 -out ./client.key 2048
     Generating RSA private key, 2048 bit long modulus
     ....++++++++++++
     .++++++++++++
     e is 65537 (0x10001)
-    Enter pass phrase for client.key:123456
-    Verifying - Enter pass phrase for client.key:123456
+    Enter pass phrase for client.key: 123456
+    Verifying - Enter pass phrase for client.key: 123456
+
 
 # 通过客户端私钥, 生成客户端证书签名请求
-openssl req -new -days 3650 -key ./client.key -out ./client.csr
-    Enter pass phrase for client.key:123456
-    You are about to be asked to enter information that will be incorporated
-    into your certificate request.
-    What you are about to enter is what is called a Distinguished Name or a DN.
-    There are quite a few fields but you can leave some blank
-    For some fields there will be a default value,
-    If you enter '.', the field will be left blank.
-    -----
-    Country Name (2 letter code) [AU]:CN
-    State or Province Name (full name) [Some-State]:GuangDong
-    Locality Name (eg, city) []:GuangZhou
-    Organization Name (eg, company) [Internet Widgits Pty Ltd]:zhuzaiyuan
-    Organizational Unit Name (eg, section) []:zhuzaiyuan
-    Common Name (e.g. server FQDN or YOUR name) []:WIFI
-    Email Address []:1000@gmail.com
+openssl req -config ../openssl.macOS.cnf -new -days 36500 -key ./radius.client.key -out ./radius.client.csr -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=client/OU=client/CN=WIFI/emailAddress=10000@gmail.com"
+
+    Enter pass phrase for ./client.key: 123456
+
 
-    Please enter the following 'extra' attributes
-    to be sent with your certificate request
-    A challenge password []:123456
-    An optional company name []:WIFI
-
 # 通过CA根证书私钥、CA根证书、客户端证书签名请求, 生成客户端证书
-openssl ca -days 3650 -keyfile ./ca.key -cert ./ca.cer -in ./client.csr -out ./client.cer
+openssl ca -config ../openssl.macOS.cnf -days 36500 -keyfile ./radius.ca.key -cert ./radius.ca.cer -in ./radius.client.csr -out ./radius.client.cer
+
     Using configuration from /usr/local/ssl/openssl.cnf
     Check that the request matches the signature
     Signature ok
@@ -186,3 +230,6 @@ openssl ca -days 3650 -keyfile ./ca.key -cert ./ca.cer -in ./client.csr -out ./c
     failed to update database
     TXT_DB error number 2
 
+
+# 修改证书权限
+chmod 600 *.key *.cer
diff --git a/tools/simulator/etc/certs/ca.cer b/tools/simulator/etc/certs/ca.cer
diff --git a/tools/simulator/etc/certs/ca.key b/tools/simulator/etc/certs/ca.key
diff --git a/tools/simulator/etc/certs/dh b/tools/simulator/etc/certs/dh
@@ -1,8 +1,8 @@
 -----BEGIN DH PARAMETERS-----
-MIIBDAKCAQEA/vZyyu0RlRuBiWQD5wGVbzl+5MJFGgXOp8degAMROcPd61E7qRpz
-KE3L7jdDAds2SE7eoLGRJrSu3Y1uvuBg5cYdPe+/XNTZ/MSp1itrMVRHyRU+nAM5
-Im1Th8/paT3Ps+LywLVSrpn/hqdLu353fnMVL+d6pnryPUUEPoA+iXvddUc8tPb3
-AR03LEjNHecvgr3L7RFt0ElrFEukqyy5METYfvLpqy1WoOYqh/CCXDBG222omjWJ
-3iYBNhwUZYII8iNGYUWrprp2c1BOkqA0mR385qPK6uf2GBVk43BG/N8c4XFJOy+I
-FfEA2Et9OCaC3VyeJiR9I/zA1wHbvrjn3wIBAgICAOE=
+MIIBCAKCAQEA4D3f7qs1enleikIdfLuhPaX7+7AHdUeWPk3hnGPh6iST4bnqEm9L
+wBoDoA6AM+JSAGVsUtYlFDe8hPqmKUO27fLX51oYnkTIizUoASz/KotkJOLx+yIU
+/8z0/cQQsUjtiNY2+5Yc8TbWKdhjBgJnqVAaYKpKfdX2lLOsDsyN0y4AqKI8HZT1
+wBZE/pdr28A3/LnEGM7WYaMFlmXv0/JEWVVp7XCmuQt9ll9PxCp2c2cd6yYC5QOd
+UOJHGK1kk7VS4I+1vhrSkJxKu+CvyglCzxItqsNN1xXGXb+oAx0VahxFvPchwQVo
+bX0WHtXYUx6utObJq8JDG/B2Cd3HtYd5wwIBAg==
 -----END DH PARAMETERS-----
diff --git a/tools/simulator/etc/certs/index.txt b/tools/simulator/etc/certs/index.txt
@@ -1 +1 @@
-V	340126034054Z		01	unknown	/C=CN/ST=GuangDong/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=1000@gmail.com
+V	21251210000742Z		01	unknown	/C=CN/ST=GuangDong/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=10000@gmail.com
diff --git a/tools/simulator/etc/certs/radius.ca.cer b/tools/simulator/etc/certs/radius.ca.cer
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8zCCAtugAwIBAgIJAJiBHt8vVSqSMA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD
+VQQGEwJDTjESMBAGA1UECAwJR3VhbmdEb25nMRIwEAYDVQQHDAlHdWFuZ1pob3Ux
+EzARBgNVBAoMCnpodXphaXl1YW4xEzARBgNVBAsMCnpodXphaXl1YW4xDTALBgNV
+BAMMBFdJRkkxHjAcBgkqhkiG9w0BCQEWDzEwMDAwQGdtYWlsLmNvbTAgFw0yNjAx
+MDMwMDA3MjRaGA8yMTI1MTIxMDAwMDcyNFowgY4xCzAJBgNVBAYTAkNOMRIwEAYD
+VQQIDAlHdWFuZ0RvbmcxEjAQBgNVBAcMCUd1YW5nWmhvdTETMBEGA1UECgwKemh1
+emFpeXVhbjETMBEGA1UECwwKemh1emFpeXVhbjENMAsGA1UEAwwEV0lGSTEeMBwG
+CSqGSIb3DQEJARYPMTAwMDBAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAmcoRlJ3RHGU079W7ue1fJl/3xnDX6Cya8mDeoMTtHU+osUr0
++SqawrQOc840KcqHF42KmNoXY9AKtVcQgdQzbWyQQ8US2GpMJ7jH7JIDgVwXqHOK
+pHRPoQ/nwVai4TpQEyLBblP2QX32AXt7tKLQ5LCAqFpyX6KtEkmlVvKjm/3gQ5K4
+G+mxJ+jRWUGPKw3JDEcZjvPlTh0XrVrE3tXctzccRlfIhDuA5UfS/8za3igQ23FE
+F/pFKOJFrV9LF0bhuixhNG35Yq4FM90sfGgFyg3+fAAoe3Hv/jXCQ/6wbEl+hFKP
+FySlMAE1IFNLG86rOAegbd4PXp3b9TDLMIzg7QIDAQABo1AwTjAdBgNVHQ4EFgQU
+0pmMS8psZ54+hcPI6XCtxJBBcNcwHwYDVR0jBBgwFoAU0pmMS8psZ54+hcPI6XCt
+xJBBcNcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAPfAUJWIfKVnk
+vbU65hAB1LZlNdNPeIPHX214p4LbEtYj4XSfO8oE8pk/knEUrShWaEqcxLMuBEOy
+andiq1661qJCbwadv3/zSimcbLAMNoq86wOE5MdtDJ0E2ELCYG2ha+cvOG1jSQAB
+PRUtCYCOeXlHg4HiyYRJfpAT3thZWNiXxLDxbTPzaC7fPMztWYzdM3Y690KfZ4Uu
+IXiULFB/Cbu17UG4FNJVzG262Uyd8x47x0/8VVNo4eRvlZcaNyZRiXLw7fXl70Fh
+qi2i7UhiGg7qT1tl+gpSa9Ah60cuqrPj+tw4sh7Rg44Xf9KyPe7yHfRZ++G/wTT2
+r/NKGR/yUQ==
+-----END CERTIFICATE-----
diff --git a/tools/simulator/etc/certs/radius.ca.key b/tools/simulator/etc/certs/radius.ca.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAmcoRlJ3RHGU079W7ue1fJl/3xnDX6Cya8mDeoMTtHU+osUr0
++SqawrQOc840KcqHF42KmNoXY9AKtVcQgdQzbWyQQ8US2GpMJ7jH7JIDgVwXqHOK
+pHRPoQ/nwVai4TpQEyLBblP2QX32AXt7tKLQ5LCAqFpyX6KtEkmlVvKjm/3gQ5K4
+G+mxJ+jRWUGPKw3JDEcZjvPlTh0XrVrE3tXctzccRlfIhDuA5UfS/8za3igQ23FE
+F/pFKOJFrV9LF0bhuixhNG35Yq4FM90sfGgFyg3+fAAoe3Hv/jXCQ/6wbEl+hFKP
+FySlMAE1IFNLG86rOAegbd4PXp3b9TDLMIzg7QIDAQABAoIBAHXxT5xPkDCbuYZ5
+vzfvQLq4fNi2cA8CLm7WNcbMYCDLl88ockmpD/lkh3Tu3nhydzpr9bAWCjwlMCE0
+vVckO7CewuEGgdZxZyhLgSAANyn9S7OHsPtArFUUUqOm4tGinAig7gHD6Kb/iCxI
+3G2DNHs+ld0HSJHpu5u72U6eVTVqxSxVKFetnjnW99URt7bZndNFOltK6SS9opfm
+Dq9e0p74oUgx5gHq8qvL8GxzDQL57N0mCuOuQr1scLZm+yP+NuT9tpqV041+pIgm
+XqTO1cw7caejsYlovWTnbNWV5xP7qP92KzBP0QgaLD8dKIA88zGM0rADya0u2ZJs
+QaJfAiECgYEAyn7wD8DLfhf0eFIH+V3vNY7N9lb98gcDfIL9AsBchf4+YpaBLFDW
+zTJO/FvRT08VPKtDnCaK8WJ9cmwAUp9xZbLDzx76B7/EMad17Jvxh1edEL80gPVN
+QbNPrEZ1oDdUaUw05qrqABTQ6/2eu3nZlonMYDtDRTYq7P43qIRVxiUCgYEAwmyQ
+Qb1ip8klFprW5CZ7TvbEd0hgHXvIRdaClKcvBVSzjjXcQKxOXUUyGPMgcIH0B6Gb
+7u0ioOVcYn471V1LocE6dPqAYE87k1Ogp0B2CE4T+XZLu4FDK8aT82vcLJpsr74W
+R4IJ/vrZeMcjlDwtsR37F8reqoNFokblES3CASkCgYBPteQ970CrZDah3nixGt79
+EDfXTqssSMKAkveRy7MgM9LO8Dvs++1yXOlmwaYFODY96ZT1tN5g4spK7mS6IXV7
++QDHWYRG5KAQg8ER4NkU09JKM1oxoV5GDJXCVQIcjWs2//6bBpCSc59CJlYDqpWS
+gq/m+a0jY41GOVQji+RP2QKBgF8NBFmfZSPySpeKi5Ru28n3CoXmdFb1tSuve5eB
+RJOunTnhSxSzKHyg36Ui97EJV2yDreBZPpy6hTgBzu649cjW1uVpsmljUxTrxZb/
+BLV6tnk3RD8fKt+z7ZEMIlAMDya8H9hF0u09ZiSN9u75nL0Ck0dGfyWNl/WGA2cq
+n7ZBAoGBALVJHRJfz3hveYsu4KhO8Y4ZtPVLNB/qwX2XBQGnp8XhYoaDnRRXd2NL
+awuvLBcLre8et/Aurzb56/uoIWgJwyNjRSO96y/WOEwuaVfeN4OVtADGxTSqfmJb
+dNDcIcX6XH6Iuz8TagDMzhQmCxnp8cfg95FQZV9okRXnoXDcdDnZ
+-----END RSA PRIVATE KEY-----
diff --git a/tools/simulator/etc/certs/radius.certificate.p12 b/tools/simulator/etc/certs/radius.certificate.p12
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		V 340126034054Z 01 unknown /C=CN/ST=GuangDong/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=1000@gmail.com
		V 21251210000742Z 01 unknown /C=CN/ST=GuangDong/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=10000@gmail.com