author | Jo-Philipp Wich <jo@mein.io> | 2020-01-16 12:09:12 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-16 12:09:12 +0100 |
commit | 1418a72f5d1ee6dd6f1cb351460770031f2b6f9f (patch) | |
tree | 442e7f20b517136ab38e17543e0b2d8a29392cbd | |
parent | bd99c69418691aeb29a70922bcb24bfc60685ad9 (diff) | |
parent | 27b21c2a6262a8c383c783e98320746f22fe8f6f (diff) |
Merge pull request #3513 from swg0101/systemcert
luci-base/mod-network: add system cert bundle validation
-rw-r--r--[-rwxr-xr-x] | modules/luci-base/root/usr/libexec/rpcd/luci | 1 | ||||
-rw-r--r-- | modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js | 34 |
2 files changed, 33 insertions, 2 deletions
diff --git a/modules/luci-base/root/usr/libexec/rpcd/luci b/modules/luci-base/root/usr/libexec/rpcd/luci
index 56cb7bc85..75afd27a0 100755..100644
--- a/modules/luci-base/root/usr/libexec/rpcd/luci
+++ b/modules/luci-base/root/usr/libexec/rpcd/luci
@@ -216,6 +216,7 @@ local methods = {
 rv.sysntpd = fs.readlink("/usr/sbin/ntpd") and true
 rv.ipv6 = fs.access("/proc/net/ipv6_route")
 rv.dropbear = fs.access("/usr/sbin/dropbear")
+ rv.cabundle = fs.access("/etc/ssl/certs/ca-certificates.crt")
 local wifi_features = { "eap", "11n", "11ac", "11r", "11w", "acs", "sae", "owe", "suiteb192" }
diff --git a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
index 54786d36a..9c437c566 100644
--- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
+++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
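Review bot: The file header for `modules/luci-base/root/usr/libexec/rpcd/luci` records a mode change `100755..100644`, so this commit drops the script's executable bit along with adding the one-line `cabundle` probe. The description does not mention it and it looks unintended; rpcd plugins in this directory are normally run as executables, so the `luci` ubus object, including the new flag, may no longer be served until mode 100755 is restored. On the added line itself, `fs.access(...)` only shows that the bundle path is reachable, not that it contains usable certificates; a comment such as `-- presence check only, bundle contents are not verified` would make that limit explicit. The enclosing method table starts and ends outside the hunk.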
@@ -1428,11 +1428,26 @@ return L.view.extend({
 o.depends({ mode: 'sta-wds', encryption: 'wpa' });
 o.depends({ mode: 'sta-wds', encryption: 'wpa2' });
- o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate'));
+ o = ss.taboption('encryption', form.Flag, 'ca_cert_usesystem', _('Use system certificates'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package"))
+ o.enabled = '1';
+ o.disabled = '0';
+ o.default = o.disabled;
 o.depends({ mode: 'sta', encryption: 'wpa' });
 o.depends({ mode: 'sta', encryption: 'wpa2' });
 o.depends({ mode: 'sta-wds', encryption: 'wpa' });
 o.depends({ mode: 'sta-wds', encryption: 'wpa2' });
+ o.validate = function(section_id, value) {
+ if (value == '1' && !L.hasSystemFeature('cabundle')) {
+ return _("This option cannot be used because the ca-bundle package is not installed.");
+ }
+ return true;
+ };
+
+ o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate'));
+ o.depends({ mode: 'sta', encryption: 'wpa', ca_cert_usesystem: '0' });
+ o.depends({ mode: 'sta', encryption: 'wpa2', ca_cert_usesystem: '0' });
+ o.depends({ mode: 'sta-wds', encryption: 'wpa', ca_cert_usesystem: '0' });
+ o.depends({ mode: 'sta-wds', encryption: 'wpa2', ca_cert_usesystem: '0' });
 o = ss.taboption('encryption', form.Value, 'subject_match', _('Certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values"));
 o.depends({ mode: 'sta', encryption: 'wpa' });
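Review bot: Turning on `ca_cert_usesystem` hides `ca_cert` and moves trust to the whole system bundle, but nothing in the added lines ties that to a server-name constraint; the `subject_match` option that follows in the context lines stays optional. With a public CA bundle as the trust anchor, a certificate chaining to any CA in it would pass validation unless the subject is constrained, so the flag's help text should say so, for example by appending `<br />Also set a certificate constraint so only the expected server name is accepted` to the description string. The same applies to `ca_cert2_usesystem` in the next hunk. The added `validate` callback relies only on `L.hasSystemFeature('cabundle')`; whether the wireless backend acts on the new option is not visible here and is worth confirming, because a backend that ignores it would be left without any CA once `ca_cert` is hidden. The surrounding `L.view.extend({` block starts and ends outside the hunk.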
@@ -1509,11 +1524,26 @@ return L.view.extend({
 return true;
 };
- o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate'));
+ o = ss.taboption('encryption', form.Flag, 'ca_cert2_usesystem', _('Use system certificates for inner-tunnel'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package"))
+ o.enabled = '1';
+ o.disabled = '0';
+ o.default = o.disabled;
 o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' });
 o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2' });
 o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa' });
 o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2' });
+ o.validate = function(section_id, value) {
+ if (value == '1' && !L.hasSystemFeature('cabundle')) {
+ return _("This option cannot be used because the ca-bundle package is not installed.");
+ }
+ return true;
+ };
+
+ o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate'));
+ o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' });
+ o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' });
+ o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' });
+ o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' });
 o = ss.taboption('encryption', form.Value, 'subject_match2', _('Inner certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values"));
 o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' });
|
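Review bot: The `validate` callback added for `ca_cert2_usesystem` is a verbatim copy of the one added for `ca_cert_usesystem` in the previous hunk, so the feature check and its message have to be kept in sync by hand. Define the function once in the view and assign it in both places, e.g. `o.validate = requireCaBundle;`, where `requireCaBundle(section_id, value)` holds the existing body. While there, compare with `value === '1'` rather than `==`, and end the new `ss.taboption(...)` statement with a semicolon like the surrounding lines. The surrounding `L.view.extend({` block starts and ends outside the hunk.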