[network-manager-applet/th/certs] Revert "libnm-gtk: default to system CA certificates for validation for new connections"
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-applet/th/certs] Revert "libnm-gtk: default to system CA certificates for validation for new connections"
- Date: Fri, 15 Nov 2013 20:06:08 +0000 (UTC)
commit c798c40c5dce3bc6d9b615621cefe59660b5a504
Author: Thomas Haller <thaller redhat com>
Date: Tue Oct 29 21:07:38 2013 +0100
Revert "libnm-gtk: default to system CA certificates for validation for new connections"
This reverts commit 3021ce121b162fc69ec2fd800776a5dd28d72042.
For EAP connections it usually does not make sense to validate the
certificate with the system CA store. User mostly either want to
provide the one exact certificate (ca-cert) or don't do any validation
at all.
Previously, nm-connection-editor set the property system-ca-certs=true
for new connections, but there was no field in the UI to unset this
setting. This effectively meant, that if the user did not provide a
valid ca-cert (or put the certificate in the system wide store) the
connection could not be established.
Change the behavior, so that new connections created by nm-c-e don't
have system-ca-certs set.
The system-ca-certs property cannot be configured from the UI and nm-c-e
will not touch it in existing connection. This makes sense, because referring
to the system store is not a common use case. On the other hand, users who
*really* want to use this option, can do so using e.g. nmcli. In that case,
nm-c-e will not tamper with the setting.
Connections that were created by older versions of nm-c-e might be
unable to connect. The system-ca-certs option can be unset with:
$ nmcli connection modify id "$ID" 802-1x.system-ca-certs false
https://bugzilla.gnome.org/show_bug.cgi?id=702608
Signed-off-by: Thomas Haller <thaller redhat com>
src/wireless-security/eap-method-leap.c | 1 -
src/wireless-security/eap-method-simple.c | 1 -
src/wireless-security/eap-method-tls.c | 1 -
3 files changed, 0 insertions(+), 3 deletions(-)
---
diff --git a/src/wireless-security/eap-method-leap.c b/src/wireless-security/eap-method-leap.c
index ad5d369..44f2342 100644
--- a/src/wireless-security/eap-method-leap.c
+++ b/src/wireless-security/eap-method-leap.c
@@ -98,7 +98,6 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
if (method->new_connection) {
g_object_set (s_8021x,
NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
- NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
NULL);
}
}
diff --git a/src/wireless-security/eap-method-simple.c b/src/wireless-security/eap-method-simple.c
index 117997b..74830bc 100644
--- a/src/wireless-security/eap-method-simple.c
+++ b/src/wireless-security/eap-method-simple.c
@@ -162,7 +162,6 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
if (method->new_connection && (not_saved == FALSE)) {
g_object_set (s_8021x,
NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
- NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
NULL);
}
}
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index b57d1ed..a48b491 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -186,7 +186,6 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
if (method->new_connection) {
g_object_set (s_8021x,
secret_flag_prop, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
- NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
NULL);
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]