commit bc6e7390c4401e171ede4dc83b79b316f3e71100
author Paul Stewart <pstew@chromium.org> Thu May 24 07:07:48 2012 -0700
committer Gerrit <chrome-bot@google.com> Tue May 29 18:19:19 2012 -0700
tree 4c5890a939ae888a4c29967d0aa32f1d9bf99f80
parent a02ee49759d43133ba6aa6302e5a44de5a920044

shill: Service: Report and filter EAP remote certificate subjects

Create a read-only "EAP.RemoteCertification" parameter in WiFi
services that returns the subject name of each entity in the
ceritificate chain in the server side of TLS authentication.

Create a read/write "EAP.SubjectMatch" parameter in WiFi services
that populates the "subject_match" parameter in wpa_supplicant for
802.1x interactions.  This allows callers to specify that we only
connect to specific endpoints who have a subject name that contains
this substring.

BUG=chromium-os:31247
TEST=New unit tests + observe EAP-TLS autotest
Change-Id: Ia37b7726e08eb121fb1ab7ec4c2de7eb958fc9cf
Reviewed-on: https://gerrit.chromium.org/gerrit/23746
Commit-Ready: Paul Stewart <pstew@chromium.org>
Reviewed-by: Paul Stewart <pstew@chromium.org>
Tested-by: Paul Stewart <pstew@chromium.org>

wifi_service.cc

diff --git a/wifi_service.cc b/wifi_service.cc
index bc533d0..63757b5 100644
--- a/wifi_service.cc
+++ b/wifi_service.cc
@@ -411,6 +411,7 @@
     if (GetEAPKeyManagement().empty())
       SetEAPKeyManagement("WPA-EAP");
     Populate8021xProperties(&params);
+    ClearEAPCertification();
   } else if (security_ == flimflam::kSecurityPsk) {
     const string psk_proto = StringPrintf("%s %s",
                                           wpa_supplicant::kSecurityModeWPA,
@@ -793,6 +794,8 @@
     KeyVal(wpa_supplicant::kNetworkPropertyEapKeyId, eap().key_id.c_str()),
     KeyVal(wpa_supplicant::kNetworkPropertyEapCaCertId,
            eap().ca_cert_id.c_str()),
+    KeyVal(wpa_supplicant::kNetworkPropertyEapSubjectMatch,
+           eap().subject_match.c_str())
   };
 
   vector<KeyVal> propertyvals(init_propertyvals,