diff options
author | Bernhard Lichtinger <bernhard.lichtinger@lrz.de> | 2016-12-02 10:22:12 +0100 |
---|---|---|
committer | Daniel Wagner <daniel.wagner@bmw-carit.de> | 2016-12-05 09:07:54 +0100 |
commit | 9e6cf2fe67001829f62bf2505363bec402d500a8 (patch) | |
tree | 7f6566111cb8d0777b7a2fcc7d6a137e6e6a18bc /gsupplicant | |
parent | 05dd22a2add24b6868f71eaaee8244cb17bd9726 (diff) | |
download | connman-9e6cf2fe67001829f62bf2505363bec402d500a8.tar.gz |
wifi: Adds support for additional wpa_supplicant options
subject_match, altsubject_match, domain_suffix_match, domain_match
they are used for 802.1X aka. enterprise-wpa to check the
authentication server's certificate in order to prevent MITM attacks
using a valid certificate issued by the same root-CA as configured by
CACertFile.
More details at
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
Diffstat (limited to 'gsupplicant')
-rw-r--r-- | gsupplicant/gsupplicant.h | 4 | ||||
-rw-r--r-- | gsupplicant/supplicant.c | 20 |
2 files changed, 24 insertions, 0 deletions
diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h index 26fd2caf..678cf8b0 100644 --- a/gsupplicant/gsupplicant.h +++ b/gsupplicant/gsupplicant.h @@ -144,6 +144,10 @@ struct _GSupplicantSSID { const char *identity; const char *anonymous_identity; const char *ca_cert_path; + const char *subject_match; + const char *altsubject_match; + const char *domain_suffix_match; + const char *domain_match; const char *client_cert_path; const char *private_key_path; const char *private_key_passphrase; diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c index 72000419..88904472 100644 --- a/gsupplicant/supplicant.c +++ b/gsupplicant/supplicant.c @@ -4512,6 +4512,26 @@ static void add_network_security_eap(DBusMessageIter *dict, DBUS_TYPE_STRING, &ssid->anonymous_identity); + if(ssid->subject_match) + supplicant_dbus_dict_append_basic(dict, "subject_match", + DBUS_TYPE_STRING, + &ssid->subject_match); + + if(ssid->altsubject_match) + supplicant_dbus_dict_append_basic(dict, "altsubject_match", + DBUS_TYPE_STRING, + &ssid->altsubject_match); + + if(ssid->domain_suffix_match) + supplicant_dbus_dict_append_basic(dict, "domain_suffix_match", + DBUS_TYPE_STRING, + &ssid->domain_suffix_match); + + if(ssid->domain_match) + supplicant_dbus_dict_append_basic(dict, "domain_match", + DBUS_TYPE_STRING, + &ssid->domain_match); + g_free(eap_value); } |