wpa_supplicant: add support for EAP-TLS phase2

Introduce config options client_cert2, priv_key2 and priv_key2_pwd
used for EAP-TLS phase2 authentication in WPA-EAP client mode.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48345 3c298f89-4303-0410-b956-a3cf2f4a3e73

1 files changed, 12 insertions, 2 deletions

diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh
index cedf5d5589..ad96b8b460 100644
--- a/package/network/services/hostapd/files/netifd.sh
+++ b/package/network/services/hostapd/files/netifd.sh
@@ -634,8 +634,19 @@ wpa_supplicant_add_network() {
 					append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T"
 				;;
 				fast|peap|ttls)
-					json_get_vars auth password
+					json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd
 					set_default auth MSCHAPV2
+
+					if [ "$auth" = "EAP-TLS" ]; then
+						[ -n "$ca_cert2" ] &&
+							append network_data "ca_cert2=\"$ca_cert2\"" "$N$T"
+						append network_data "client_cert2=\"$client_cert2\"" "$N$T"
+						append network_data "private_key2=\"$priv_key2\"" "$N$T"
+						append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T"
+					else
+						append network_data "password=\"$password\"" "$N$T"
+					fi
+
 					phase2proto="auth="
 					case "$auth" in
 						"auth"*)
@@ -648,7 +659,6 @@ wpa_supplicant_add_network() {
 						;;
 					esac
 					append network_data "phase2=\"$phase2proto$auth\"" "$N$T"
-					append network_data "password=\"$password\"" "$N$T"
 				;;
 			esac
 			append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T"