[network-manager-applet/th/certs] Revert "libnm-gtk: default to system CA certificates for validation for new connections"

[Thomas Haller <thaller src gnome org>]

commit c798c40c5dce3bc6d9b615621cefe59660b5a504
Author: Thomas Haller <thaller redhat com>
Date:   Tue Oct 29 21:07:38 2013 +0100

    Revert "libnm-gtk: default to system CA certificates for validation for new connections"
    
    This reverts commit 3021ce121b162fc69ec2fd800776a5dd28d72042.
    
    For EAP connections it usually does not make sense to validate the
    certificate with the system CA store. User mostly either want to
    provide the one exact certificate (ca-cert) or don't do any validation
    at all.
    
    Previously, nm-connection-editor set the property system-ca-certs=true
    for new connections, but there was no field in the UI to unset this
    setting. This effectively meant, that if the user did not provide a
    valid ca-cert (or put the certificate in the system wide store) the
    connection could not be established.
    
    Change the behavior, so that new connections created by nm-c-e don't
    have system-ca-certs set.
    
    The system-ca-certs property cannot be configured from the UI and nm-c-e
    will not touch it in existing connection. This makes sense, because referring
    to the system store is not a common use case. On the other hand, users who
    *really* want to use this option, can do so using e.g. nmcli. In that case,
    nm-c-e will not tamper with the setting.
    
    Connections that were created by older versions of nm-c-e might be
    unable to connect. The system-ca-certs option can be unset with:
    
      $ nmcli connection modify id "$ID" 802-1x.system-ca-certs false
    
    https://bugzilla.gnome.org/show_bug.cgi?id=702608
    
    Signed-off-by: Thomas Haller <thaller redhat com>

 src/wireless-security/eap-method-leap.c   |    1 -
 src/wireless-security/eap-method-simple.c |    1 -
 src/wireless-security/eap-method-tls.c    |    1 -
 3 files changed, 0 insertions(+), 3 deletions(-)
---
diff --git a/src/wireless-security/eap-method-leap.c b/src/wireless-security/eap-method-leap.c
index ad5d369..44f2342 100644
--- a/src/wireless-security/eap-method-leap.c
+++ b/src/wireless-security/eap-method-leap.c
@@ -98,7 +98,6 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
        if (method->new_connection) {
                g_object_set (s_8021x,
                              NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
-                             NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
                              NULL);
        }
 }
diff --git a/src/wireless-security/eap-method-simple.c b/src/wireless-security/eap-method-simple.c
index 117997b..74830bc 100644
--- a/src/wireless-security/eap-method-simple.c
+++ b/src/wireless-security/eap-method-simple.c
@@ -162,7 +162,6 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
        if (method->new_connection && (not_saved == FALSE)) {
                g_object_set (s_8021x,
                              NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
-                             NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
                              NULL);
        }
 }
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index b57d1ed..a48b491 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -186,7 +186,6 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
        if (method->new_connection) {
                g_object_set (s_8021x,
                              secret_flag_prop, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
-                             NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
                              NULL);
        }