[libnma/lr/empty-domain-match: 1/2] eap-tls: do not set empty 802.1x domain_suffix_match




commit ef60cde5619193da8173046c9076cbc43780a3e9
Author: Lubomir Rintel <lkundrak v3 sk>
Date:   Fri Jan 21 12:01:50 2022 +0100

    eap-tls: do not set empty 802.1x domain_suffix_match
    
    If the user doesn't fill this in (hopefully knowing what they are
    doing), we're setting the property to a blank string. That is no good,
    because that results in a connection that can not be activated.
    
    Current version of NetworkManager just passes it as it is to the
    supplicant and supplicant rejects it outright (with a fairly unhelpful
    "invalid network" message).
    
    While this might warrant a fix in NM, let's make sure we don't produce
    such connections with any NM version.
    
    PEAP and TTLS do the right thing already.

 src/nma-ws/nma-eap-tls.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
---
diff --git a/src/nma-ws/nma-eap-tls.c b/src/nma-ws/nma-eap-tls.c
index 4d47718a..5b6f1044 100644
--- a/src/nma-ws/nma-eap-tls.c
+++ b/src/nma-ws/nma-eap-tls.c
@@ -95,8 +95,8 @@ fill_connection (NMAEap *parent, NMConnection *connection)
        NMSetting8021x *s_8021x;
        NMSettingSecretFlags secret_flags;
        GtkWidget *widget;
+       const char *text = NULL;
        char *value = NULL;
-       const char *password = NULL;
        GError *error = NULL;
        gboolean ca_cert_error = FALSE;
        NMSetting8021xCKScheme scheme;
@@ -115,21 +115,24 @@ fill_connection (NMAEap *parent, NMConnection *connection)
 
        widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_entry"));
        g_assert (widget);
-       g_object_set (s_8021x,
-                     parent->phase2 ? NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH : 
NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH,
-                     gtk_editable_get_text (GTK_EDITABLE (widget)), NULL);
+       text = gtk_editable_get_text (GTK_EDITABLE (widget));
+       if (text && *text) {
+               g_object_set (s_8021x,
+                             parent->phase2 ? NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH : 
NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH,
+                             gtk_editable_get_text (GTK_EDITABLE (widget)), NULL);
+       }
 
        /* TLS private key */
-       password = nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser));
+       text = nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser));
        value = nma_cert_chooser_get_key (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme);
 
        if (parent->phase2) {
-               if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, value, password, scheme, &format, 
&error)) {
+               if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, value, text, scheme, &format, 
&error)) {
                        g_warning ("Couldn't read phase2 private key '%s': %s", value, error ? error->message 
: "(unknown)");
                        g_clear_error (&error);
                }
        } else {
-               if (!nm_setting_802_1x_set_private_key (s_8021x, value, password, scheme, &format, &error)) {
+               if (!nm_setting_802_1x_set_private_key (s_8021x, value, text, scheme, &format, &error)) {
                        g_warning ("Couldn't read private key '%s': %s", value, error ? error->message : 
"(unknown)");
                        g_clear_error (&error);
                }
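Review bot: Inside the new `if (text && *text)` block the value is fetched a second time with `gtk_editable_get_text (GTK_EDITABLE (widget))` instead of passing the `text` that was just checked; pass `text` as the property value so the tested string and the stored string are the same. The same `text` variable is then reused for the private-key password a few lines down, which makes a secret look like ordinary entry text; keeping the separate `password` name would make it harder to pass it to a log call by accident. When the entry is empty the property is now left unset, which presumably means the server certificate's name is not checked against any domain, so a short comment such as `/* empty entry: leave domain-suffix-match unset; server name is then not checked */` would help the next reader. If `s_8021x` can carry a value from an earlier edit (its origin is outside the hunk), the empty case may also need to set the property to `NULL` explicitly. fill_connection starts and ends outside this hunk.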

