diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 231c2c1b88..2642a263dc 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_PROTO:=git diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index b52d305f95..ab86638e11 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -212,6 +212,7 @@ hostapd_common_add_bss_config() { config_add_string radius_client_addr config_add_string iapp_interface config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd + config_add_boolean ca_cert_usesystem ca_cert2_usesystem config_add_string subject_match subject_match2 config_add_array altsubject_match altsubject_match2 config_add_array domain_match domain_match2 domain_suffix_match domain_suffix_match2 @@ -872,8 +873,13 @@ wpa_supplicant_add_network() { hostapd_append_wpa_key_mgmt key_mgmt="$wpa_key_mgmt" - json_get_vars eap_type identity anonymous_identity ca_cert - [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T" + json_get_vars eap_type identity anonymous_identity ca_cert ca_cert_usesystem + + if [ "$ca_cert_usesystem" -eq "1" -a -f "/etc/ssl/certs/ca-certificates.crt" ]; then + append network_data "ca_cert=\"/etc/ssl/certs/ca-certificates.crt\"" "$N$T" + else + [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T" + fi [ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T" [ -n "$anonymous_identity" ] && append network_data "anonymous_identity=\"$anonymous_identity\"" "$N$T" case "$eap_type" in @@ -914,12 +920,15 @@ wpa_supplicant_add_network() { fi ;; fast|peap|ttls) - json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd + json_get_vars auth password ca_cert2 ca_cert2_usesystem client_cert2 priv_key2 priv_key2_pwd set_default auth MSCHAPV2 if [ "$auth" = "EAP-TLS" ]; then - [ -n "$ca_cert2" ] && - append network_data "ca_cert2=\"$ca_cert2\"" "$N$T" + if [ "$ca_cert2_usesystem" -eq "1" -a -f "/etc/ssl/certs/ca-certificates.crt" ]; then + append network_data "ca_cert2=\"/etc/ssl/certs/ca-certificates.crt\"" "$N$T" + else + [ -n "$ca_cert2" ] && append network_data "ca_cert2=\"$ca_cert2\"" "$N$T" + fi append network_data "client_cert2=\"$client_cert2\"" "$N$T" append network_data "private_key2=\"$priv_key2\"" "$N$T" append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T"