From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 19 Aug 2017 10:31:11 +0000 (+0000)
Subject: wireless networks: Allow using a custom CA per network
X-Git-Tag: 010~196
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a7dadb04131e48740daf163bedeae7dba2c65e06;p=network.git

wireless networks: Allow using a custom CA per network

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/functions/functions.wireless-networks b/src/functions/functions.wireless-networks
index 0fbf8bfd..6efc95b0 100644
--- a/src/functions/functions.wireless-networks
+++ b/src/functions/functions.wireless-networks
@@ -430,6 +430,9 @@ wireless_network_to_wpa_supplicant() {
 	assert isset auth_alg
 	assert isset key_mgmt
 
+	# Read CA certificate
+	local ca_cert_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/ca.pem"
+
 	print_indent 0 "# ${SSID}"
 	print_indent 0 "network={"
 	print_indent 1 "ssid=\"${SSID}\""
@@ -478,8 +481,11 @@ wireless_network_to_wpa_supplicant() {
 	fi
 
 	# Validate server certificates
-	if isset CA_BUNDLE; then
-		print_indent 1 "ca_cert=${CA_BUNDLE}"
+	if file_exists "${ca_cert_path}"; then
+		print_indent 1 "ca_cert=\"${ca_cert_path}\""
+
+	elif isset CA_BUNDLE; then
+		print_indent 1 "ca_cert=\"${CA_BUNDLE}\""
 	fi
 
 	print_indent 0 "}"