shill: Service: Report and filter EAP remote certificate subjects
Create a read-only "EAP.RemoteCertification" parameter in WiFi
services that returns the subject name of each entity in the
ceritificate chain in the server side of TLS authentication.
Create a read/write "EAP.SubjectMatch" parameter in WiFi services
that populates the "subject_match" parameter in wpa_supplicant for
802.1x interactions. This allows callers to specify that we only
connect to specific endpoints who have a subject name that contains
this substring.
BUG=chromium-os:31247
TEST=New unit tests + observe EAP-TLS autotest
Change-Id: Ia37b7726e08eb121fb1ab7ec4c2de7eb958fc9cf
Reviewed-on: https://gerrit.chromium.org/gerrit/23746
Commit-Ready: Paul Stewart <pstew@chromium.org>
Reviewed-by: Paul Stewart <pstew@chromium.org>
Tested-by: Paul Stewart <pstew@chromium.org>
diff --git a/wpa_supplicant.h b/wpa_supplicant.h
index 521ddba..585f76e 100644
--- a/wpa_supplicant.h
+++ b/wpa_supplicant.h
@@ -26,9 +26,11 @@
extern const char kErrorInterfaceExists[];
extern const char kInterfacePropertyConfigFile[];
extern const char kInterfacePropertyCurrentBSS[];
+extern const char kInterfacePropertyDepth[];
extern const char kInterfacePropertyDriver[];
extern const char kInterfacePropertyName[];
extern const char kInterfacePropertyState[];
+extern const char kInterfacePropertySubject[];
extern const char kInterfaceState4WayHandshake[];
extern const char kInterfaceStateAssociated[];
extern const char kInterfaceStateAssociating[];
@@ -62,6 +64,7 @@
extern const char kNetworkPropertyEapKeyId[];
extern const char kNetworkPropertyEapCaCertId[];
extern const char kNetworkPropertyEapPin[];
+extern const char kNetworkPropertyEapSubjectMatch[];
extern const char kNetworkPropertyEngine[];
extern const char kNetworkPropertyEngineId[];
extern const char kNetworkPropertyMode[];