Merge pull request #3513 from swg0101/systemcert

luci-base/mod-network: add system cert bundle validation
Jo-Philipp Wich 2020-01-16 12:09:12 +01:00 committed by GitHub
commit 1418a72f5d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 2 deletions

1
modules/luci-base/root/usr/libexec/rpcd/luci Executable file → Normal file

@ -216,6 +216,7 @@ local methods = {
rv.sysntpd = fs.readlink("/usr/sbin/ntpd") and true rv.sysntpd = fs.readlink("/usr/sbin/ntpd") and true
rv.ipv6 = fs.access("/proc/net/ipv6_route") rv.ipv6 = fs.access("/proc/net/ipv6_route")
rv.dropbear = fs.access("/usr/sbin/dropbear") rv.dropbear = fs.access("/usr/sbin/dropbear")
rv.cabundle = fs.access("/etc/ssl/certs/ca-certificates.crt")
local wifi_features = { "eap", "11n", "11ac", "11r", "11w", "acs", "sae", "owe", "suiteb192" } local wifi_features = { "eap", "11n", "11ac", "11r", "11w", "acs", "sae", "owe", "suiteb192" }
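Review bot: The file header shows this script going from "Executable file" to "Normal file", which the commit description does not mention and which looks unintended. Plugins under /usr/libexec/rpcd are normally invoked as executables, so please confirm that packaging restores the mode bit, or revert the mode change. On the added line, `fs.access` only proves that the bundle path exists, so a comment such as `-- cabundle: CA bundle file is present (existence only, contents are not checked)` would keep later readers from treating it as proof of a usable trust store. The `methods` table starts and ends outside this hunk.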


@ -1428,11 +1428,26 @@ return L.view.extend({
o.depends({ mode: 'sta-wds', encryption: 'wpa' }); o.depends({ mode: 'sta-wds', encryption: 'wpa' });
o.depends({ mode: 'sta-wds', encryption: 'wpa2' }); o.depends({ mode: 'sta-wds', encryption: 'wpa2' });
o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate')); o = ss.taboption('encryption', form.Flag, 'ca_cert_usesystem', _('Use system certificates'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package"))
o.enabled = '1';
o.disabled = '0';
o.default = o.disabled;
o.depends({ mode: 'sta', encryption: 'wpa' }); o.depends({ mode: 'sta', encryption: 'wpa' });
o.depends({ mode: 'sta', encryption: 'wpa2' }); o.depends({ mode: 'sta', encryption: 'wpa2' });
o.depends({ mode: 'sta-wds', encryption: 'wpa' }); o.depends({ mode: 'sta-wds', encryption: 'wpa' });
o.depends({ mode: 'sta-wds', encryption: 'wpa2' }); o.depends({ mode: 'sta-wds', encryption: 'wpa2' });
o.validate = function(section_id, value) {
if (value == '1' && !L.hasSystemFeature('cabundle')) {
return _("This option cannot be used because the ca-bundle package is not installed.");
}
return true;
};
o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate'));
o.depends({ mode: 'sta', encryption: 'wpa', ca_cert_usesystem: '0' });
o.depends({ mode: 'sta', encryption: 'wpa2', ca_cert_usesystem: '0' });
o.depends({ mode: 'sta-wds', encryption: 'wpa', ca_cert_usesystem: '0' });
o.depends({ mode: 'sta-wds', encryption: 'wpa2', ca_cert_usesystem: '0' });
o = ss.taboption('encryption', form.Value, 'subject_match', _('Certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values")); o = ss.taboption('encryption', form.Value, 'subject_match', _('Certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values"));
o.depends({ mode: 'sta', encryption: 'wpa' }); o.depends({ mode: 'sta', encryption: 'wpa' });
@ -1509,11 +1524,26 @@ return L.view.extend({
return true; return true;
}; };
o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate')); o = ss.taboption('encryption', form.Flag, 'ca_cert2_usesystem', _('Use system certificates for inner-tunnel'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package"))
o.enabled = '1';
o.disabled = '0';
o.default = o.disabled;
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' }); o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' });
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2' }); o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa' }); o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2' }); o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2' });
o.validate = function(section_id, value) {
if (value == '1' && !L.hasSystemFeature('cabundle')) {
return _("This option cannot be used because the ca-bundle package is not installed.");
}
return true;
};
o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate'));
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' });
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' });
o = ss.taboption('encryption', form.Value, 'subject_match2', _('Inner certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values")); o = ss.taboption('encryption', form.Value, 'subject_match2', _('Inner certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values"));
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' }); o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' });
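Review bot: Enabling `ca_cert_usesystem` (and `ca_cert2_usesystem` in the second hunk) makes the client trust every CA in the system bundle, yet nothing in the new code asks for `subject_match` to be set, so a server certificate issued by any bundled CA for any name would presumably pass validation. I would at least say so in the flag description, e.g. append `Set a certificate constraint (Subject) as well, otherwise a certificate from any bundled CA is accepted` to both help strings, and consider having the flag's `validate` reject an empty constraint. The two `validate` functions are identical and could be one shared function, and both new `form.Flag` statements lack the closing `;`. The enclosing view code starts and ends outside these hunks.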