Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

luci-mod-network: add system cert bundle validation

Browse source 
This commit adds the ability for users to validate against the system's
built-in CA bundle if it is installed. The process is made much easier because
the user does not have to first extract the CA certificate from the EAPOL
handshake and upload it via LuCI uploads. Dependent on commit
openwrt/openwrt#2696.

Signed-off-by: David Lam <david@thedavid.net>
This commit is contained in:
David Lam 2020-01-16 01:15:11 -08:00
parent 88b9d58a44
commit dbc5778228
No known key found for this signature in database
GPG key ID: 9936F96D950FF7DA
1 changed files with 32 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
View file

@ -1428,11 +1428,26 @@ return L.view.extend({
o.depends({ mode: 'sta-wds', encryption: 'wpa' });
o.depends({ mode: 'sta-wds', encryption: 'wpa2' });
o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate'));
o = ss.taboption('encryption', form.Flag, 'ca_cert_usesystem', _('Use system certificates'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package"))
o.enabled = '1';
o.disabled = '0';
o.default = o.disabled;
o.depends({ mode: 'sta', encryption: 'wpa' });
o.depends({ mode: 'sta', encryption: 'wpa2' });
o.depends({ mode: 'sta-wds', encryption: 'wpa' });
o.depends({ mode: 'sta-wds', encryption: 'wpa2' });
o.validate = function(section_id, value) {
if (value == '1' && !L.hasSystemFeature('cabundle')) {
return _("This option cannot be used because the ca-bundle package is not installed.");
}
return true;
};
o = ss.taboption('encryption', form.FileUpload, 'ca_cert', _('Path to CA-Certificate'));
o.depends({ mode: 'sta', encryption: 'wpa', ca_cert_usesystem: '0' });
o.depends({ mode: 'sta', encryption: 'wpa2', ca_cert_usesystem: '0' });
o.depends({ mode: 'sta-wds', encryption: 'wpa', ca_cert_usesystem: '0' });
o.depends({ mode: 'sta-wds', encryption: 'wpa2', ca_cert_usesystem: '0' });
o = ss.taboption('encryption', form.Value, 'subject_match', _('Certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values"));
o.depends({ mode: 'sta', encryption: 'wpa' });
@ -1509,11 +1524,26 @@ return L.view.extend({
return true;
};
o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate'));
o = ss.taboption('encryption', form.Flag, 'ca_cert2_usesystem', _('Use system certificates for inner-tunnel'), _("Validate server certificate using built-in system CA bundle,<br />requires the \"ca-bundle\" package"))
o.enabled = '1';
o.disabled = '0';
o.default = o.disabled;
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' });
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2' });
o.validate = function(section_id, value) {
if (value == '1' && !L.hasSystemFeature('cabundle')) {
return _("This option cannot be used because the ca-bundle package is not installed.");
}
return true;
};
o = ss.taboption('encryption', form.FileUpload, 'ca_cert2', _('Path to inner CA-Certificate'));
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' });
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa', ca_cert2_usesystem: '0' });
o.depends({ mode: 'sta-wds', auth: 'EAP-TLS', encryption: 'wpa2', ca_cert2_usesystem: '0' });
o = ss.taboption('encryption', form.Value, 'subject_match2', _('Inner certificate constraint (Subject)'), _("Certificate constraint substring - e.g. /CN=wifi.mycompany.com<br />See `logread -f` during handshake for actual values"));
o.depends({ mode: 'sta', auth: 'EAP-TLS', encryption: 'wpa' });