Hi,

I've been thinking about the code that I recently modified. The 
handle_blob_item function checks if the blob markers (----BEGIN CERTIFICATE---- 
etc.) are present and returns false without consuming any lines if they're 
missing. I fail to see the point, why not just copy everything between the 
begin and end tags? This is simpler and more consistent, because for non-inline 
certificates/keys/... this is also not checked, not to mention that pkcs12 
blobs (which currently also don't work in nm-openvpn) don't have those markers 
at all. It also makes error detection harder. If you import an OpenVPN 
configuration with broken blob markers, nm-openvpn will silently ignore the 
blobs and proceed with the import, leaving people unable to figure out what 
went wrong. Otoh OpenVPN *will* tell you what went wrong if you try to use a 
certificate with broken blob markers: "Cannot load CA certificate file 
/home/mberndt/.cert/client-ca.pem (no entries were read) (OpenSSL)".

Oh, and there's another thing: afaics, if you don't use inline blobs but files 
for the certificate/key/ca, nm-openvpn will not copy them somewhere safe 
(~/.cert, say) – bad idea. Jane User will plug in her USB stick, import her 
OpenVPN configuration from it and then start cursing the next day when she 
can't connect any longer after unplugging it.

What do you guys think?
_______________________________________________
networkmanager-list mailing list
https://mail.gnome.org/mailman/listinfo/networkmanager-list
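
The import behaviour proposed in the message above, as an added example that is not nm-openvpn's code and not part of the original post: copy everything between the opening and closing inline tags, and report missing PEM markers to the caller instead of silently dropping the blob. The function names, status codes and sample config are hypothetical, and tags are assumed to start at the beginning of a line.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum blob_status { BLOB_OK, BLOB_NO_PEM_MARKERS, BLOB_UNTERMINATED, BLOB_ABSENT, BLOB_NOMEM };

/* Constructed sample config: valid <ca>, marker-less <cert>, unterminated <key>. */
static const char SAMPLE[] =
    "client\n"
    "<ca>\n-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n</ca>\n"
    "<cert>\nY29uc3RydWN0ZWQ=\n</cert>\n"
    "<key>\n-----BEGIN PRIVATE KEY-----\n";

/* Return a pointer to the first line in s that begins with tok, or NULL. */
const char *find_line(const char *s, const char *tok)
{
    size_t n = strlen(tok);
    while (s && *s) {
        if (strncmp(s, tok, n) == 0)
            return s;
        s = strchr(s, '\n');   /* advance to the start of the next line */
        if (s)
            s++;
    }
    return NULL;
}

/* Copy the body of <tag>...</tag> into a malloc'd string in *out.
 * The body is copied whatever it contains; missing PEM markers are a status
 * the importer can show to the user (or accept, e.g. for pkcs12 data). */
enum blob_status extract_inline_blob(const char *cfg, const char *tag, char **out)
{
    char open_tag[64], close_tag[64];
    *out = NULL;
    snprintf(open_tag, sizeof open_tag, "<%s>", tag);
    snprintf(close_tag, sizeof close_tag, "</%s>", tag);
    const char *start = find_line(cfg, open_tag);
    if (!start) return BLOB_ABSENT;
    start += strlen(open_tag);
    if (*start == '\r') start++;
    if (*start == '\n') start++;
    const char *end = find_line(start, close_tag);
    if (!end) return BLOB_UNTERMINATED;   /* fail loudly, consume nothing */
    size_t len = (size_t)(end - start);
    *out = malloc(len + 1);
    if (!*out) return BLOB_NOMEM;
    memcpy(*out, start, len);
    (*out)[len] = '\0';
    return (strstr(*out, "-----BEGIN ") && strstr(*out, "-----END ")) ? BLOB_OK : BLOB_NO_PEM_MARKERS;
}
```

The caller owns the returned buffer and frees it; on `BLOB_NO_PEM_MARKERS` the body is still returned so the importer can warn and keep it rather than discard it.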
