wifi: Adds support for additional wpa_supplicant options

subject_match, altsubject_match, domain_suffix_match, domain_match
they are used for 802.1X aka. enterprise-wpa to check the
authentication server's certificate in order to prevent MITM attacks
using a valid certificate issued by the same root-CA as configured by
CACertFile.

More details at
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf

2 files changed, 24 insertions, 0 deletions

diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h
index 26fd2caf..678cf8b0 100644
--- a/gsupplicant/gsupplicant.h
+++ b/gsupplicant/gsupplicant.h
@@ -144,6 +144,10 @@ struct _GSupplicantSSID {
 	const char *identity;
 	const char *anonymous_identity;
 	const char *ca_cert_path;
+	const char *subject_match;
+	const char *altsubject_match;
+	const char *domain_suffix_match;
+	const char *domain_match;
 	const char *client_cert_path;
 	const char *private_key_path;
 	const char *private_key_passphrase;
diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index 72000419..88904472 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -4512,6 +4512,26 @@ static void add_network_security_eap(DBusMessageIter *dict,
 						     DBUS_TYPE_STRING,
 						     &ssid->anonymous_identity);
 
+	if(ssid->subject_match)
+		supplicant_dbus_dict_append_basic(dict, "subject_match",
+						     DBUS_TYPE_STRING,
+						     &ssid->subject_match);
+
+	if(ssid->altsubject_match)
+		supplicant_dbus_dict_append_basic(dict, "altsubject_match",
+						     DBUS_TYPE_STRING,
+						     &ssid->altsubject_match);
+
+	if(ssid->domain_suffix_match)
+		supplicant_dbus_dict_append_basic(dict, "domain_suffix_match",
+						     DBUS_TYPE_STRING,
+						     &ssid->domain_suffix_match);
+
+	if(ssid->domain_match)
+		supplicant_dbus_dict_append_basic(dict, "domain_match",
+						     DBUS_TYPE_STRING,
+						     &ssid->domain_match);
+
 	g_free(eap_value);
 }