diff options
author | David Lam <david@thedavid.net> | 2020-01-16 01:15:11 -0800 |
---|---|---|
committer | David Lam <david@thedavid.net> | 2020-01-16 01:15:11 -0800 |
commit | dbc5778228874534af55361506b39f0e1f700590 (patch) | |
tree | 265fd322d107ec46c54be9f3e220ceb47c445eef /modules/luci-mod-network | |
parent | 88b9d58a44ea52e812cf0c0db5b5b6b87783bd7e (diff) |
luci-mod-network: add system cert bundle validation
This commit adds the ability for users to validate against the system's
built-in CA bundle if it is installed. The process is made much easier because
the user does not have to first extract the CA certificate from the EAPOL
handshake and upload it via LuCI uploads. Dependent on commit
openwrt/openwrt#2696.
Signed-off-by: David Lam <david@thedavid.net>
Diffstat (limited to 'modules/luci-mod-network')
-rw-r--r-- | modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js index 54786d36a0..9c437c566b 100644 --- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js +++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js @@ -1428,11 +1428,26 @@ return L.view.extend({ o.depends({ mode: 'sta-wds', encryption: 'wpa' }); o.depends({ mode: 'sta-wds', encryption: 'wpa2' }); - o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate')); + o = ss.taboption('encryption', form.Flag, 'ca_cert_usesystem', _('Use system certificates'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package")) + o.enabled = '1'; + o.disabled = '0'; + o.default = o.disabled; o.depends({ mode: 'sta', encryption: 'wpa' }); o.depends({ mode: 'sta', encryption: 'wpa2' }); o.depends({ mode: 'sta-wds', encryption: 'wpa' }); o.depends({ mode: 'sta-wds', encryption: 'wpa2' }); + o.validate = function(section_id, value) { + if (value == '1' && !L.hasSystemFeature('cabundle')) { + return _("This option cannot be used because the ca-bundle package is not installed."); + } + return true; + }; + + o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate')); + o.depends({ mode: 'sta', encryption: 'wpa', ca_cert_usesystem: '0' }); + o.depends({ mode: 'sta', encryption: 'wpa2', ca_cert_usesystem: '0' }); + o.depends({ mode: 'sta-wds', encryption: 'wpa', ca_cert_usesystem: '0' }); + o.depends({ mode: 'sta-wds', encryption: 'wpa2', ca_cert_usesystem: '0' }); o = ss.taboption('encryption', form.Value, 'subject_match', _('Certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values")); o.depends({ mode: 'sta', encryption: 'wpa' }); @@ -1509,11 +1524,26 @@ return L.view.extend({ return true; }; - o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate')); + o = ss.taboption('encryption', form.Flag, 'ca_cert2_usesystem', _('Use system certificates for inner-tunnel'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package")) + o.enabled = '1'; + o.disabled = '0'; + o.default = o.disabled; o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' }); o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2' }); o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa' }); o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2' }); + o.validate = function(section_id, value) { + if (value == '1' && !L.hasSystemFeature('cabundle')) { + return _("This option cannot be used because the ca-bundle package is not installed."); + } + return true; + }; + + o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate')); + o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' }); + o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' }); + o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' }); + o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' }); o = ss.taboption('encryption', form.Value, 'subject_match2', _('Inner certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values")); o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' }); |