Add a --with-system-ca-path <path-to-ca-directory> option to configure (#406)

Allow distributions to specify a default CA path. Fix for github issue #405.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>

2 files changed, 11 insertions, 0 deletions

diff --git a/pppd/Makefile.am b/pppd/Makefile.am
index c93a86a..e5bedf2 100644
--- a/pppd/Makefile.am
+++ b/pppd/Makefile.am
@@ -87,6 +87,10 @@ pppd_CPPFLAGS = -DSYSCONFDIR=\"${sysconfdir}\" -DLOCALSTATEDIR=\"${localstatedir
 pppd_LDFLAGS =
 pppd_LIBS =
 
+if PPP_WITH_SYSTEM_CA_PATH
+pppd_CPPFLAGS += -DSYSTEM_CA_PATH='"@SYSTEM_CA_PATH@"'
+endif
+
 if LINUX
 pppd_SOURCES += sys-linux.c
 noinst_HEADERS += termios_linux.h
diff --git a/pppd/auth.c b/pppd/auth.c
index 202d557..cee847e 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -1334,6 +1334,13 @@ auth_check_options(void)
     if (user[0] == 0 && !explicit_user)
 	strlcpy(user, our_name, sizeof(user));
 
+#if defined(SYSTEM_CA_PATH) && (defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP))
+    /* Use system default for CA Path if not specified */
+    if (!ca_path) {
+        ca_path = SYSTEM_CA_PATH;
+    }
+#endif
+
     /*
      * If we have a default route, require the peer to authenticate
      * unless the noauth option was given or the real user is root.