From dbb17153255139245377c7762af32c9b3f8a4979 Mon Sep 17 00:00:00 2001
From: Michael Stoll <michael.stoll@de-signo.de>
Date: Fri, 14 Mar 2025 17:17:09 +0100
Subject: [PATCH] feat: Add domain match to wifi_enterprise example

---
 examples/wifi/wifi_enterprise/main/Kconfig.projbuild | 12 ++++++++++++
 .../wifi/wifi_enterprise/main/wifi_enterprise_main.c |  3 +++
 2 files changed, 15 insertions(+)

diff --git a/examples/wifi/wifi_enterprise/main/Kconfig.projbuild b/examples/wifi/wifi_enterprise/main/Kconfig.projbuild
index 8a8f50c249..58b57bb021 100644
--- a/examples/wifi/wifi_enterprise/main/Kconfig.projbuild
+++ b/examples/wifi/wifi_enterprise/main/Kconfig.projbuild
@@ -98,4 +98,16 @@ menu "Example Configuration"
         default n
         help
             Use default CA certificate bundle for WiFi enterprise connection
+
+    config EXAMPLE_USE_SERVER_DOMAIN_MATCH
+        bool "Validate server cert domain"
+        help
+            Validate the certificate domain
+
+    config EXAMPLE_SERVER_DOMAIN_MATCH_VALUE
+        string "Server cert domain"
+        depends on EXAMPLE_USE_SERVER_DOMAIN_MATCH
+        default "espressif.com"
+        help
+            Accept only server certificates matching this domain
 endmenu
diff --git a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
index b511c7c20a..16909a9820 100644
--- a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
+++ b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
@@ -150,6 +150,9 @@ static void initialise_wifi(void)
 #endif
 #ifdef CONFIG_EXAMPLE_USE_DEFAULT_CERT_BUNDLE
     ESP_ERROR_CHECK(esp_eap_client_use_default_cert_bundle(true));
+#endif
+#ifdef CONFIG_EXAMPLE_USE_SERVER_DOMAIN_MATCH
+    ESP_ERROR_CHECK(esp_eap_client_set_domain_match(CONFIG_EXAMPLE_SERVER_DOMAIN_MATCH_VALUE));
 #endif
     ESP_ERROR_CHECK(esp_wifi_sta_enterprise_enable());
     ESP_ERROR_CHECK(esp_wifi_start());