From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 19 Aug 2017 10:09:42 +0000 (+0000)
Subject: wireless networks: Verify server certificates against CAs
X-Git-Tag: 010~197
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4ed1b7543c00bf970d587cd5fc425935d7db261f;p=network.git

wireless networks: Verify server certificates against CAs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/functions/functions.constants b/src/functions/functions.constants
index 4830622a..5f3afbdf 100644
--- a/src/functions/functions.constants
+++ b/src/functions/functions.constants
@@ -53,6 +53,7 @@ NETWORK_SETTINGS_FILE=${NETWORK_CONFIG_DIR}/config
 NETWORK_SETTINGS_FILE_PARAMS="DEBUG"
 NETWORK_WIRELESS_NETWORKS_DIR="${NETWORK_CONFIG_DIR}/wireless/networks"
 
+CA_BUNDLE="/etc/pki/tls/certs/ca-bundle.crt"
 CONFIG_HOSTNAME="/etc/hostname"
 
 RED_DB_DIR=${RUN_DIR}/red
diff --git a/src/functions/functions.wireless-networks b/src/functions/functions.wireless-networks
index 4a65882d..0fbf8bfd 100644
--- a/src/functions/functions.wireless-networks
+++ b/src/functions/functions.wireless-networks
@@ -477,6 +477,11 @@ wireless_network_to_wpa_supplicant() {
 		print
 	fi
 
+	# Validate server certificates
+	if isset CA_BUNDLE; then
+		print_indent 1 "ca_cert=${CA_BUNDLE}"
+	fi
+
 	print_indent 0 "}"
 	print
 }