From e8a7e4084f3b5477eb0a73df6020a4bb14c1b200 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
Date: Fri, 17 Mar 2023 15:50:30 -0700
Subject: Add a --with-system-ca-path <path-to-ca-directory> option to
 configure (#406)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Allow distributions to specify a default CA path. Fix for github issue #405.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
---
 pppd/Makefile.am | 4 ++++
 pppd/auth.c      | 7 +++++++
 2 files changed, 11 insertions(+)

(limited to 'pppd')

diff --git a/pppd/Makefile.am b/pppd/Makefile.am
index c93a86a..e5bedf2 100644
--- a/pppd/Makefile.am
+++ b/pppd/Makefile.am
@@ -87,6 +87,10 @@ pppd_CPPFLAGS = -DSYSCONFDIR=\"${sysconfdir}\" -DLOCALSTATEDIR=\"${localstatedir
 pppd_LDFLAGS =
 pppd_LIBS =
 
+if PPP_WITH_SYSTEM_CA_PATH
+pppd_CPPFLAGS += -DSYSTEM_CA_PATH='"@SYSTEM_CA_PATH@"'
+endif
+
 if LINUX
 pppd_SOURCES += sys-linux.c
 noinst_HEADERS += termios_linux.h
diff --git a/pppd/auth.c b/pppd/auth.c
index 202d557..cee847e 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -1334,6 +1334,13 @@ auth_check_options(void)
     if (user[0] == 0 && !explicit_user)
 	strlcpy(user, our_name, sizeof(user));
 
+#if defined(SYSTEM_CA_PATH) && (defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP))
+    /* Use system default for CA Path if not specified */
+    if (!ca_path) {
+        ca_path = SYSTEM_CA_PATH;
+    }
+#endif
+
     /*
      * If we have a default route, require the peer to authenticate
      * unless the noauth option was given or the real user is root.
-- 
cgit v1.2.1