[NetworkManager-openvpn/bg/pkcs12-ca-fix: 11/11] import: fix importing profiles with PKCS#12 CA
- From: Beniamino Galvani <bgalvani src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-openvpn/bg/pkcs12-ca-fix: 11/11] import: fix importing profiles with PKCS#12 CA
- Date: Tue, 12 Jul 2022 16:34:48 +0000 (UTC)
commit a8b64424a2d6078e8ee2347af9df2c61d1c6227a
Author: Beniamino Galvani <bgalvani redhat com>
Date: Wed Jul 6 10:28:20 2022 +0200
import: fix importing profiles with PKCS#12 CA
'have_ca' indicates whether we have an explicit CA cert; don't set it
when the CA is from a PKCS#12 file.
Without this fix, trying to import a profile with a PKCS#12 that
includes the CA certificate results in error:
"--ca can not be PKCS#12 format"
because we first set have_pkcs12=TRUE, have_ca=TRUE and then we check
that the CA is not in PKCS#12 format.
Fixes: 34a0c9257aac ("Handle the various pkcs12/cert/key/ca combinations.")
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/83
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/50
properties/import-export.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index 7c51a20..c3ace34 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -1297,10 +1297,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_PKCS12)) {
/* OpenVPN allows --pkcs12 with external (PEM) --ca. Don't overwrite it with
the PKCS#12 file. */
- if (!have_ca) {
+ if (!have_ca)
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CA, file);
- have_ca = TRUE;
- }
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CERT, file);
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_KEY, file);
have_pkcs12 = TRUE;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
