hostapd: add support for system cert bundle validation
authorDavid Lam <david@thedavid.net>
Thu, 16 Jan 2020 08:01:35 +0000 (00:01 -0800)
committerJo-Philipp Wich <jo@mein.io>
Thu, 16 Jan 2020 11:08:18 +0000 (12:08 +0100)
commita5f3648a1c273b45dc9df18785e0b5966ac5b47e
treefa7448fc4fbed9c7db6f9794fc686badb712d1e3
parent702c70264b388c2b47e171843f297f43c71b86b9
hostapd: add support for system cert bundle validation

Currently, it is very cumbersome for a user to connect to a WPA-Enterprise
based network securely because the RADIUS server's CA certificate must first be
extracted from the EAPOL handshake using tcpdump or other methods before it can
be pinned using the ca_cert(2) fields. To make this process easier and more
secure (combined with changes in openwrt/openwrt#2654), this commit adds
support for validating against the built-in CA bundle when the ca-bundle
package is installed. Related LuCI changes in openwrt/luci#3513.

Signed-off-by: David Lam <david@thedavid.net>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
package/network/services/hostapd/Makefile
package/network/services/hostapd/files/hostapd.sh