Default to passing the system CA path to wpa_supplicant so that
certificates in /etc/ssl/certs (or whatever was given with
--with-system-ca-path at build time) can be used as part of
the verification chain by default.

This does override the ca-path property of the 802.1x connection,
but given that you can't set that via the UI either, it's not
a problem.
---
 src/wireless-security/eap-method-leap.c   | 1 +
 src/wireless-security/eap-method-simple.c | 1 +
 src/wireless-security/eap-method-tls.c    | 8 ++++++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/wireless-security/eap-method-leap.c 
b/src/wireless-security/eap-method-leap.c
index 3a1545e..93bb32d 100644
--- a/src/wireless-security/eap-method-leap.c
+++ b/src/wireless-security/eap-method-leap.c
@@ -106,6 +106,7 @@ fill_connection (EAPMethod *parent, NMConnection 
*connection)
        if (method->new_connection) {
                g_object_set (s_8021x,
                              NM_SETTING_802_1X_PASSWORD_FLAGS, 
NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+                             NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
                              NULL);
        }
 }
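Review bot: Setting `NM_SETTING_802_1X_SYSTEM_CA_CERTS` in the LEAP method looks like a no-op, because LEAP as commonly specified does not involve a TLS server certificate, so there is no chain for the system CA path to verify. Leaving it in may lead a later reader to believe LEAP connections are CA-checked. Either drop the added line from this file or document it with a comment such as `/* no effect on LEAP itself; set only for consistency with the other EAP methods */`. fill_connection starts outside the hunk, so this is judged from the visible `g_object_set` call only.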
diff --git a/src/wireless-security/eap-method-simple.c 
b/src/wireless-security/eap-method-simple.c
index 6463c46..43063dd 100644
--- a/src/wireless-security/eap-method-simple.c
+++ b/src/wireless-security/eap-method-simple.c
@@ -169,6 +169,7 @@ fill_connection (EAPMethod *parent, NMConnection 
*connection)
        if (method->new_connection && (not_saved == FALSE)) {
                g_object_set (s_8021x,
                              NM_SETTING_802_1X_PASSWORD_FLAGS, 
NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+                             NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
                              NULL);
        }
 }
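Review bot: The system-CA default is gated on `not_saved == FALSE`, so it is silently skipped whenever `not_saved` is TRUE. Judging by its name and the password-flags property it guards, that flag concerns password storage, not certificate trust, so a new connection's server-verification default ends up depending on an unrelated choice. If every new connection should get the system CA path, set it in its own block, e.g. `if (method->new_connection) g_object_set (s_8021x, NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE, NULL);`. fill_connection starts outside the hunk, so the meaning of `not_saved` is inferred rather than confirmed.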
diff --git a/src/wireless-security/eap-method-tls.c 
b/src/wireless-security/eap-method-tls.c
index d4efd5a..da02873 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -167,8 +167,12 @@ fill_connection (EAPMethod *parent, NMConnection 
*connection)
        g_free (pk_filename);
 
        /* Default to agent-owned secrets for new connections */
-       if (method->new_connection)
-               g_object_set (s_8021x, secret_flag_prop, 
NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL);
+       if (method->new_connection) {
+               g_object_set (s_8021x,
+                             secret_flag_prop, 
NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+                             NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
+                             NULL);
+       }
 
        /* TLS client certificate */
        if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
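Review bot: Enabling `NM_SETTING_802_1X_SYSTEM_CA_CERTS` unconditionally for new EAP-TLS connections makes every CA in the system store a trust anchor, and the commit message confirms it overrides `ca-path`. Without a server-name constraint, a server certificate issued by any of those CAs would presumably be accepted as the authentication server, which is weaker than trusting a single user-selected CA. Consider setting the property only when the user chose no CA certificate, or pairing it with a `subject-match` / `altsubject-matches` value, and state the trade-off in a comment such as `/* trusts all system CAs and overrides ca-path */`. The same concern applies to the eap-method-simple.c hunk; the CA-certificate handling of fill_connection lies outside this hunk, so whether a chosen CA is also set cannot be confirmed here.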
-- 
1.7.11.7

