Revert "libnm-gtk: default to system CA certificates for validation for new connections"
This reverts commit 3021ce12. For EAP connections it usually does not make sense to validate the certificate with the system CA store. User mostly either want to provide the one exact certificate (ca-cert) or don't do any validation at all. Previously, nm-connection-editor set the property system-ca-certs=true for new connections, but there was no field in the UI to unset this setting. This effectively meant, that if the user did not provide a valid ca-cert (or put the certificate in the system wide store) the connection could not be established. Change the behavior, so that new connections created by nm-c-e don't have system-ca-certs set. The system-ca-certs property cannot be configured from the UI and nm-c-e will not touch it in existing connection. This makes sense, because referring to the system store is not a common use case. On the other hand, users who *really* want to use this option, can do so using e.g. nmcli. In that case, nm-c-e will not tamper with the setting. Connections that were created by older versions of nm-c-e might be unable to connect. The system-ca-certs option can be unset with: $ nmcli connection modify id "$ID" 802-1x.system-ca-certs false https://bugzilla.gnome.org/show_bug.cgi?id=702608 Signed-off-by: Thomas Haller <thaller@redhat.com>
parent
77216f3e
Please register or sign in to comment