authorDavid Lam <david@thedavid.net>2020-01-16 01:15:11 -0800
committerDavid Lam <david@thedavid.net>2020-01-16 01:15:11 -0800
commitdbc5778228874534af55361506b39f0e1f700590 (patch)
tree265fd322d107ec46c54be9f3e220ceb47c445eef
parent88b9d58a44ea52e812cf0c0db5b5b6b87783bd7e (diff)
luci-mod-network: add system cert bundle validation
This commit adds the ability for users to validate against the system's built-in CA bundle if it is installed. The process is made much easier because the user does not have to first extract the CA certificate from the EAPOL handshake and upload it via LuCI uploads. Dependent on commit openwrt/openwrt#2696. Signed-off-by: David Lam <david@thedavid.net>
-rw-r--r--modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js34
1 files changed, 32 insertions, 2 deletions
diff --git a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
index 54786d36a..9c437c566 100644
--- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
+++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
@@ -1428,11 +1428,26 @@ return L.view.extend({
o.depends({ mode: 'sta-wds', encryption: 'wpa' });
o.depends({ mode: 'sta-wds', encryption: 'wpa2' });
- o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate'));
+ o = ss.taboption('encryption', form.Flag, 'ca_cert_usesystem', _('Use system certificates'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package"))
+ o.enabled = '1';
+ o.disabled = '0';
+ o.default = o.disabled;
o.depends({ mode: 'sta', encryption: 'wpa' });
o.depends({ mode: 'sta', encryption: 'wpa2' });
o.depends({ mode: 'sta-wds', encryption: 'wpa' });
o.depends({ mode: 'sta-wds', encryption: 'wpa2' });
+ o.validate = function(section_id, value) {
+ if (value == '1' && !L.hasSystemFeature('cabundle')) {
+ return _("This option cannot be used because the ca-bundle package is not installed.");
+ }
+ return true;
+ };
+
+ o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate'));
+ o.depends({ mode: 'sta', encryption: 'wpa', ca_cert_usesystem: '0' });
+ o.depends({ mode: 'sta', encryption: 'wpa2', ca_cert_usesystem: '0' });
+ o.depends({ mode: 'sta-wds', encryption: 'wpa', ca_cert_usesystem: '0' });
+ o.depends({ mode: 'sta-wds', encryption: 'wpa2', ca_cert_usesystem: '0' });
o = ss.taboption('encryption', form.Value, 'subject_match', _('Certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values"));
o.depends({ mode: 'sta', encryption: 'wpa' });
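Review bot: Turning on `ca_cert_usesystem` makes every CA in the system bundle a trust anchor for the authentication server, yet nothing in this hunk ties that to a name check. The `subject_match` field after the new block keeps its old `depends` and stays optional, so with the flag set and no constraint entered, a certificate issued by any bundled CA would presumably be accepted as the network's server. The flag's help text should say so, for example by appending `<br />Set a certificate constraint below; otherwise any certificate issued by a bundled CA is accepted`, and `subject_match` could be given a `validate` that rejects an empty value while the flag is `'1'`. The same applies to `ca_cert2_usesystem` and `subject_match2` in the second hunk. The enclosing `L.view.extend({` body starts and ends outside the hunk.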
@@ -1509,11 +1524,26 @@ return L.view.extend({
return true;
};
- o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate'));
+ o = ss.taboption('encryption', form.Flag, 'ca_cert2_usesystem', _('Use system certificates for inner-tunnel'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package"))
+ o.enabled = '1';
+ o.disabled = '0';
+ o.default = o.disabled;
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' });
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2' });
+ o.validate = function(section_id, value) {
+ if (value == '1' && !L.hasSystemFeature('cabundle')) {
+ return _("This option cannot be used because the ca-bundle package is not installed.");
+ }
+ return true;
+ };
+
+ o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate'));
+ o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' });
+ o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' });
+ o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' });
+ o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' });
o = ss.taboption('encryption', form.Value, 'subject_match2', _('Inner certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values"));
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' });
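Review bot: The `o.validate` callback added here is a verbatim copy of the one in the first hunk, so the two ca-bundle checks can drift apart when one is edited later. Define it once above both options and assign it by name in each place, e.g. `o.validate = validateCaBundleInstalled;`. Within it, `value == '1'` would read better as `value === '1'`, and both new `ss.taboption(..., form.Flag, ...)` lines end without a `;`, unlike the surrounding statements. The help text for the inner-tunnel flag is also identical to the outer one, so it does not tell the user which certificate it governs; `_("Validate inner-tunnel server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package")` would make that clear.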