[PATCH] libnm-gtk: default to system CA certificates for validation for new connections



Default to passing the system CA path to wpa_supplicant so that
certificates in /etc/ssl/certs (or whatever was given with
--with-system-ca-path at build time) can be used as part of
the verification chain by default.

This does override the ca-path property of the 802.1x connection,
but given that you can't set that via the UI either, it's not
a problem.
---
 src/wireless-security/eap-method-leap.c   | 1 +
 src/wireless-security/eap-method-simple.c | 1 +
 src/wireless-security/eap-method-tls.c    | 8 ++++++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/wireless-security/eap-method-leap.c b/src/wireless-security/eap-method-leap.c
index 3a1545e..93bb32d 100644
--- a/src/wireless-security/eap-method-leap.c
+++ b/src/wireless-security/eap-method-leap.c
@@ -106,6 +106,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
 	if (method->new_connection) {
 		g_object_set (s_8021x,
 		              NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+		              NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
 		              NULL);
 	}
 }
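Review bot: The added `NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE` in this `g_object_set` call looks inert for this method. Assuming this file handles only LEAP, no server certificate is exchanged, so the system CA path has nothing to validate. If the flag is kept for uniformity with the other EAP methods, a comment such as `/* no effect for LEAP; set for consistency with the other EAP methods */` would stop a reader from assuming the connection is certificate-validated. fill_connection starts above the hunk, so confirm nothing earlier in it relies on the flag.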
diff --git a/src/wireless-security/eap-method-simple.c b/src/wireless-security/eap-method-simple.c
index 6463c46..43063dd 100644
--- a/src/wireless-security/eap-method-simple.c
+++ b/src/wireless-security/eap-method-simple.c
@@ -169,6 +169,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
 	if (method->new_connection && (not_saved == FALSE)) {
 		g_object_set (s_8021x,
 		              NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+		              NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
 		              NULL);
 	}
 }
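Review bot: The system-CA default shares the `method->new_connection && (not_saved == FALSE)` guard with the password flags, so a new connection for which `not_saved` is TRUE never gets `NM_SETTING_802_1X_SYSTEM_CA_CERTS` and keeps the previous behaviour. Server-certificate validation is unrelated to how the password is stored, so the property would be better set in its own block: `if (method->new_connection) g_object_set (s_8021x, NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE, NULL);`. `not_saved` is computed above the hunk, so this assumes it reflects only the password-storage choice.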
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index d4efd5a..da02873 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -167,8 +167,12 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
 	g_free (pk_filename);
 
 	/* Default to agent-owned secrets for new connections */
-	if (method->new_connection)
-		g_object_set (s_8021x, secret_flag_prop, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL);
+	if (method->new_connection) {
+		g_object_set (s_8021x,
+		              secret_flag_prop, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+		              NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
+		              NULL);
+	}
 
 	/* TLS client certificate */
 	if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
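Review bot: Setting `NM_SETTING_802_1X_SYSTEM_CA_CERTS` for every new TLS connection widens the set of trusted issuers without narrowing which server is accepted. Nothing in this hunk sets a subject or alternative-name match, so a server certificate issued by any CA in the system store would presumably validate. If the dialog lets the user pick a specific CA certificate (handled outside this hunk), confirm whether the system store now supplements that choice. If it does, either enable the default only when no CA certificate was chosen, or pair it with `NM_SETTING_802_1X_SUBJECT_MATCH`. The comment above the block is also stale and could read `/* Default to agent-owned secrets and system CA certificates for new connections */`.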
-- 
1.7.11.7



