From a7dadb04131e48740daf163bedeae7dba2c65e06 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 19 Aug 2017 10:31:11 +0000
Subject: [PATCH] wireless networks: Allow using a custom CA per network

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/functions/functions.wireless-networks | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/functions/functions.wireless-networks b/src/functions/functions.wireless-networks
index 0fbf8bf..6efc95b 100644
--- a/src/functions/functions.wireless-networks
+++ b/src/functions/functions.wireless-networks
@@ -430,6 +430,9 @@ wireless_network_to_wpa_supplicant() {
 	assert isset auth_alg
 	assert isset key_mgmt
 
+	# Read CA certificate
+	local ca_cert_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/ca.pem"
+
 	print_indent 0 "# ${SSID}"
 	print_indent 0 "network={"
 	print_indent 1 "ssid=\"${SSID}\""
@@ -478,8 +481,11 @@ wireless_network_to_wpa_supplicant() {
 	fi
 
 	# Validate server certificates
-	if isset CA_BUNDLE; then
-		print_indent 1 "ca_cert=${CA_BUNDLE}"
+	if file_exists "${ca_cert_path}"; then
+		print_indent 1 "ca_cert=\"${ca_cert_path}\""
+
+	elif isset CA_BUNDLE; then
+		print_indent 1 "ca_cert=\"${CA_BUNDLE}\""
 	fi
 
 	print_indent 0 "}"
-- 
2.47.3