wlan-ap-Telecominfraproject/feeds/tip
John Crispin b499eceebe cloud_discovery: add CAA DNS-based EST server discovery
Implement EST server discovery via CAA DNS records for air-gapped
deployments. When DHCP Option 224 provides a controller FQDN, query
CAA records to determine the appropriate EST server endpoint.

The discovery flow:
1. Read controller FQDN from /tmp/cloud.json (set by DHCP handler)
2. Query CAA records for the controller domain
3. Use EST server from CAA 'issue' tag if present
4. Fall back to certificate issuer-based selection if CAA lookup fails

This allows network administrators to configure local EST servers via
DNS rather than relying on hardcoded public endpoints. Air-gapped
deployments can now specify private EST servers through standard DNS
infrastructure.

Example DNS configuration:
  controller.local. IN CAA 0 issue "est.local:8001"

When an AP receives controller.local via DHCP Option 224, it will
query CAA records and use est.local:8001 for certificate enrollment
instead of the public est.certificates.open-lan.org endpoint.

Signed-off-by: John Crispin <john@phrozen.org>
2025-12-04 12:31:17 +01:00
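
The selection in steps 3 and 4 of the discovery flow, as an added example that is not the project's cloud_discovery code: it parses CAA answers given as text, accepts an `issue` value only when it is a well-formed host or host:port, and otherwise returns the fallback endpoint passed in. The function names, the textual input format and the validation rules are assumptions, and the sample records are constructed.

```sh
#!/bin/sh
# Added example: choose an EST endpoint from CAA answers (constructed input).

# Accept only host or host:port with DNS-safe characters and a port in 1..65535.
valid_endpoint() {
    host=${1%%:*}
    case $host in ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $1 in
        *:*) port=${1#*:}
             case $port in ''|??????*|*[!0-9]*) return 1 ;; esac
             [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1 ;;
    esac
    return 0
}

# Read CAA RDATA lines (flags tag "value") on stdin; print the first usable
# 'issue' value and return 0, or return 1 when none qualifies.
est_from_caa() {
    while read -r flags tag value; do
        tag=$(printf '%s' "$tag" | tr 'A-Z' 'a-z')   # tags match case-insensitively
        [ "$tag" = "issue" ] || continue             # ignore issuewild, iodef, ...
        value=${value#\"}                            # opening quote
        value=${value%%;*}                           # parameters after ';'
        value=${value%\"}                            # closing quote
        valid_endpoint "$value" || continue          # empty (issue ";") or malformed
        printf '%s\n' "$value"
        return 0
    done
    return 1
}

# Steps 3 and 4 of the flow: $1 is the endpoint the caller's issuer-based
# selection would use (computed elsewhere; an assumption of this example).
select_est() {
    est_from_caa || printf '%s\n' "$1"
}

# Constructed sample answers for controller.local
SAMPLE_CAA='0 issuewild "ignored.local"
0 issue "est.local:8001"'
printf '%s\n' "$SAMPLE_CAA" | select_est est.certificates.open-lan.org
```

Rejecting anything that is not a plain host or host:port keeps a malformed or unexpected CAA value from reaching the enrollment step; the fallback is used instead.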
certificates mount_certs: sonicfi squashfs certificate storage improve 2025-09-21 10:20:25 +02:00
cloud_discovery cloud_discovery: add CAA DNS-based EST server discovery 2025-12-04 12:31:17 +01:00
luci luci-mod-ucentral: update certupdate for insta birth certificates 2025-07-01 07:18:54 +02:00
tip-defaults tip-defaults: add operational OpenLan root CA 2025-08-12 19:11:54 +02:00