I added support for the following wpa_supplicant
options to connman:
subject_match, altsubject_match, domain_suffix_match,
they are used for 802.1X aka. enterprise-wpa to check
the authentication server's certificate in order to
prevent MITM attacks using a valid certificate issued
by the same root-CA as configured by CACertFile.
More details at
I would be happy if you integrate it.