diff --git a/esphome/components/wifi/wifi_component.cpp b/esphome/components/wifi/wifi_component.cpp index 5c1c533c5d..df80c5b109 100644 --- a/esphome/components/wifi/wifi_component.cpp +++ b/esphome/components/wifi/wifi_component.cpp @@ -201,7 +201,26 @@ void WiFiComponent::start_connecting(const WiFiAP &ap, bool two) { } else { ESP_LOGV(TAG, " BSSID: Not Set"); } - ESP_LOGV(TAG, " Password: " LOG_SECRET("'%s'"), ap.get_password().c_str()); + +#ifdef ESPHOME_WIFI_WPA2_EAP + if (ap.get_eap().has_value()) { + ESP_LOGV(TAG, " WPA2 Enterprise authentication configured:"); + EAPAuth eap_config = ap.get_eap().value(); + ESP_LOGV(TAG, " Identity: " LOG_SECRET("'%s'"), eap_config.identity.c_str()); + ESP_LOGV(TAG, " Username: " LOG_SECRET("'%s'"), eap_config.username.c_str()); + ESP_LOGV(TAG, " Password: " LOG_SECRET("'%s'"), eap_config.password.c_str()); + bool ca_cert_present = eap_config.ca_cert != nullptr && strlen(eap_config.ca_cert); + bool client_cert_present = eap_config.client_cert != nullptr && strlen(eap_config.client_cert); + bool client_key_present = eap_config.client_key != nullptr && strlen(eap_config.client_key); + ESP_LOGV(TAG, " CA Cert: %s", ca_cert_present ? "present" : "not present"); + ESP_LOGV(TAG, " Client Cert: %s", client_cert_present ? "present" : "not present"); + ESP_LOGV(TAG, " Client Key: %s", client_key_present ? "present" : "not present"); + } else { +#endif + ESP_LOGV(TAG, " Password: " LOG_SECRET("'%s'"), ap.get_password().c_str()); +#ifdef ESPHOME_WIFI_WPA2_EAP + } +#endif if (ap.get_channel().has_value()) { ESP_LOGV(TAG, " Channel: %u", *ap.get_channel()); } else { @@ -400,9 +419,17 @@ void WiFiComponent::check_scanning_finished() { connect_params.set_channel(scan_res.get_channel()); connect_params.set_bssid(scan_res.get_bssid()); } - // set manual IP+password (if any) + // copy manual IP (if set) connect_params.set_manual_ip(config.get_manual_ip()); + +#ifdef ESPHOME_WIFI_WPA2_EAP + // copy EAP parameters (if set) + connect_params.set_eap(config.get_eap()); +#endif + + // copy password (if set) connect_params.set_password(config.get_password()); + break; } @@ -576,9 +603,21 @@ bool WiFiScanResult::matches(const WiFiAP &config) { // If BSSID configured, only match for correct BSSIDs if (config.get_bssid().has_value() && *config.get_bssid() != this->bssid_) return false; - // If PW given, only match for networks with auth (and vice versa) + +#ifdef ESPHOME_WIFI_WPA2_EAP + // BSSID requires auth but no PSK or EAP credentials given + if (this->with_auth_ && (config.get_password().empty() && !config.get_eap().has_value())) + return false; + + // BSSID does not require auth, but PSK or EAP credentials given + if (!this->with_auth_ && (!config.get_password().empty() || config.get_eap().has_value())) + return false; +#else + // If PSK given, only match for networks with auth (and vice versa) if (config.get_password().empty() == this->with_auth_) return false; +#endif + // If channel configured, only match networks on that channel. if (config.get_channel().has_value() && *config.get_channel() != this->channel_) { return false;