[SailfishDevel] more security for 802.1X wifi/eduroam

Lichtinger, Bernhard Bernhard.Lichtinger at lrz.de
Tue Aug 2 15:50:53 UTC 2016


Hello,

After reading 
https://together.jolla.com/question/315/how-to-wpa-8021x-enterprise-eduroam-others-gui-wifi-support-needed-workaround/
and
https://together.jolla.com/question/15292/connman-does-not-support-certificate-detail-verification/

I had a closer look at the sources of connman and wpa_supplicant. IMO it shouldn't be too much effort to add support for certificate detail verification in connman. It could be done in the same way as the support for anonymous_identity was done with this commit:
http://git.kernel.org/cgit/network/connman/connman.git/commit/?id=1d5429cf57aad9feb9a33f8a1327a88298b7976d&context=1

It should be more or less a copy&paste of code for the wpa_supplicant options subject_match, altsubject_match, domain_suffix_match, and domain_match.

What do you think?


The next step would be to get some kind of UI for an easy setup. In the case of eduroam I'm considering coding a CAT-App (https://cat.eduroam.org/doc/) which uses the same XML profiles as the Android CAT-App. Then the user only has to download the XML profile of his organization and fill in username and password.

I'm wondering what the best way is to create and update connman configs. At the moment the workaround is to manually create a config file in /var/lib/connman, but there must be a better way. I assume the UI does it via D-Bus?


Regards,
Bernhard
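
An added example, not part of the original message and not connman or wpa_supplicant code: a Python check that reads a wpa_supplicant.conf and flags 802.1X networks that lack a CA certificate or any of the four name-match options listed above. The sample configuration, SSIDs, paths and function names are constructed for illustration.

```python
import re
# wpa_supplicant options that constrain which server certificate is accepted
NAME_CHECKS = ("subject_match", "altsubject_match", "domain_suffix_match", "domain_match")

# Constructed sample wpa_supplicant.conf (SSIDs and paths are placeholders)
SAMPLE_CONF = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
}
network={
    ssid="eduroam-ca-only"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/example-ca.pem"
}
network={
    ssid="eduroam-pinned"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/example-ca.pem"
    domain_suffix_match="radius.example.org"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
}
'''

def parse_networks(text):
    """Return one {option: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)^\s*\}", text, re.S | re.M):
        pairs = (l.strip().split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(text):
    """Return {ssid: [findings]} for 802.1X networks with weak server checks."""
    report = {}
    for net in parse_networks(text):
        modes = net.get("key_mgmt", "").split()
        if not any(m.startswith("WPA-EAP") or m == "IEEE8021X" for m in modes):
            continue  # not an enterprise (EAP) network
        checks = {
            "no ca_cert/ca_path: server certificate chain is not verified":
                "ca_cert" in net or "ca_path" in net,
            "no name match: any certificate from the CA is accepted":
                any(opt in net for opt in NAME_CHECKS)}
        findings = [msg for msg, ok in checks.items() if not ok]
        if findings:
            report[net.get("ssid", "?")] = findings
    return report
```

Calling `audit(SAMPLE_CONF)` reports the first two networks and leaves `eduroam-pinned` and the PSK network out.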