Merge branch 'feat/eap_domain_check_v5.2' into 'release/v5.2'

esp_wifi: Add EAP domain validation support (v5.2) See merge request espressif/esp-idf!38281
2026-06-04 20:26:38 +03:00 · 2025-04-14 14:26:59 +08:00
parent 2bb1dfbf7a 22dd9dda98
commit 486dfdeddb
11 changed files with 186 additions and 41 deletions
--- a/examples/wifi/wifi_enterprise/main/Kconfig.projbuild
+++ b/examples/wifi/wifi_enterprise/main/Kconfig.projbuild
@@ -98,4 +98,19 @@ menu "Example Configuration"
        default n
        help
            Use default CA certificate bundle for WiFi enterprise connection
+
+    config EXAMPLE_VALIDATE_SERVER_CERT_DOMAIN
+        bool "Enable server certificate domain validation"
+        depends on EXAMPLE_VALIDATE_SERVER_CERT
+        default n
+        help
+            Enable validation of the server certificate's domain name.
+
+    config EXAMPLE_SERVER_CERT_DOMAIN
+        string "Expected server certificate domain"
+        depends on EXAMPLE_VALIDATE_SERVER_CERT_DOMAIN
+        default "espressif.com"
+        help
+            Specify the expected domain name for the server certificate.
+            The connection will be accepted only if the server certificate matches this domain.
 endmenu
--- a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
+++ b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
@@ -1,6 +1,6 @@
 /*
 * SPDX-FileCopyrightText: 2006-2016 ARM Limited
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -33,6 +33,7 @@
 #define EXAMPLE_EAP_ID CONFIG_EXAMPLE_EAP_ID
 #define EXAMPLE_EAP_USERNAME CONFIG_EXAMPLE_EAP_USERNAME
 #define EXAMPLE_EAP_PASSWORD CONFIG_EXAMPLE_EAP_PASSWORD
+#define EXAMPLE_SERVER_CERT_DOMAIN CONFIG_EXAMPLE_SERVER_CERT_DOMAIN

 /* FreeRTOS event group to signal when we are connected & ready to make a request */
 static EventGroupHandle_t wifi_event_group;
@@ -150,6 +151,9 @@ static void initialise_wifi(void)
 #endif
 #ifdef CONFIG_EXAMPLE_USE_DEFAULT_CERT_BUNDLE
    ESP_ERROR_CHECK(esp_eap_client_use_default_cert_bundle(true));
+#endif
+#ifdef CONFIG_EXAMPLE_VALIDATE_SERVER_CERT_DOMAIN
+    ESP_ERROR_CHECK(esp_eap_client_set_domain_name(EXAMPLE_SERVER_CERT_DOMAIN));
 #endif
    ESP_ERROR_CHECK(esp_wifi_sta_enterprise_enable());
    ESP_ERROR_CHECK(esp_wifi_start());