[network-manager-applet/nma-0-9-8] Revert "libnm-gtk: default to system CA certificates for validation for new connections"



commit 8b631ffdbd3597a12b4afbbb340991b3e19eb07d
Author: Thomas Haller <thaller redhat com>
Date:   Tue Oct 29 21:07:38 2013 +0100

    Revert "libnm-gtk: default to system CA certificates for validation for new connections"
    
    This reverts commit 3021ce121b162fc69ec2fd800776a5dd28d72042.
    
    For EAP connections it usually does not make sense to validate the
    certificate with the system CA store. User mostly either want to
    provide the one exact certificate (ca-cert) or don't do any validation
    at all.
    
    Previously, nm-connection-editor set the property system-ca-certs=true
    for new connections, but there was no field in the UI to unset this
    setting. This effectively meant, that if the user did not provide a
    valid ca-cert (or put the certificate in the system wide store) the
    connection could not be established.
    
    Change the behavior, so that new connections created by nm-c-e don't
    have system-ca-certs set.
    
    The system-ca-certs property cannot be configured from the UI and nm-c-e
    will not touch it in existing connection. This makes sense, because referring
    to the system store is not a common use case. On the other hand, users who
    *really* want to use this option, can do so using e.g. nmcli. In that case,
    nm-c-e will not tamper with the setting.
    
    Connections that were created by older versions of nm-c-e might be
    unable to connect. The system-ca-certs option can be unset with:
    
      $ nmcli connection modify id "$ID" 802-1x.system-ca-certs false
    
    https://bugzilla.gnome.org/show_bug.cgi?id=702608
    
    Signed-off-by: Thomas Haller <thaller redhat com>
    (cherry picked from commit c798c40c5dce3bc6d9b615621cefe59660b5a504)

 src/wireless-security/eap-method-leap.c   |    1 -
 src/wireless-security/eap-method-simple.c |    1 -
 src/wireless-security/eap-method-tls.c    |    1 -
 3 files changed, 0 insertions(+), 3 deletions(-)
---
diff --git a/src/wireless-security/eap-method-leap.c b/src/wireless-security/eap-method-leap.c
index 93bb32d..3a1545e 100644
--- a/src/wireless-security/eap-method-leap.c
+++ b/src/wireless-security/eap-method-leap.c
@@ -106,7 +106,6 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
        if (method->new_connection) {
                g_object_set (s_8021x,
                              NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
-                             NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
                              NULL);
        }
 }
diff --git a/src/wireless-security/eap-method-simple.c b/src/wireless-security/eap-method-simple.c
index 43063dd..6463c46 100644
--- a/src/wireless-security/eap-method-simple.c
+++ b/src/wireless-security/eap-method-simple.c
@@ -169,7 +169,6 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
        if (method->new_connection && (not_saved == FALSE)) {
                g_object_set (s_8021x,
                              NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
-                             NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
                              NULL);
        }
 }
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index da02873..1d3222e 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -170,7 +170,6 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
        if (method->new_connection) {
                g_object_set (s_8021x,
                              secret_flag_prop, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
-                             NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
                              NULL);
        }
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]