From 4ed1b7543c00bf970d587cd5fc425935d7db261f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 19 Aug 2017 10:09:42 +0000
Subject: [PATCH] wireless networks: Verify server certificates against CAs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/functions/functions.constants         | 1 +
 src/functions/functions.wireless-networks | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/src/functions/functions.constants b/src/functions/functions.constants
index 4830622..5f3afbd 100644
--- a/src/functions/functions.constants
+++ b/src/functions/functions.constants
@@ -53,6 +53,7 @@ NETWORK_SETTINGS_FILE=${NETWORK_CONFIG_DIR}/config
 NETWORK_SETTINGS_FILE_PARAMS="DEBUG"
 NETWORK_WIRELESS_NETWORKS_DIR="${NETWORK_CONFIG_DIR}/wireless/networks"
 
+CA_BUNDLE="/etc/pki/tls/certs/ca-bundle.crt"
 CONFIG_HOSTNAME="/etc/hostname"
 
 RED_DB_DIR=${RUN_DIR}/red
diff --git a/src/functions/functions.wireless-networks b/src/functions/functions.wireless-networks
index 4a65882..0fbf8bf 100644
--- a/src/functions/functions.wireless-networks
+++ b/src/functions/functions.wireless-networks
@@ -477,6 +477,11 @@ wireless_network_to_wpa_supplicant() {
 		print
 	fi
 
+	# Validate server certificates
+	if isset CA_BUNDLE; then
+		print_indent 1 "ca_cert=${CA_BUNDLE}"
+	fi
+
 	print_indent 0 "}"
 	print
 }
-- 
2.47.3