Skip to content
Commit c798c40c authored by Thomas Haller's avatar Thomas Haller
Browse files

Revert "libnm-gtk: default to system CA certificates for validation for new connections"

This reverts commit 3021ce12.

For EAP connections it usually does not make sense to validate the
certificate with the system CA store. User mostly either want to
provide the one exact certificate (ca-cert) or don't do any validation
at all.

Previously, nm-connection-editor set the property system-ca-certs=true
for new connections, but there was no field in the UI to unset this
setting. This effectively meant, that if the user did not provide a
valid ca-cert (or put the certificate in the system wide store) the
connection could not be established.

Change the behavior, so that new connections created by nm-c-e don't
have system-ca-certs set.

The system-ca-certs property cannot be configured from the UI and nm-c-e
will not touch it in existing connection. This makes sense, because referring
to the system store is not a common use case. On the other hand, users who
*really* want to use this option, can do so using e.g. nmcli. In that case,
nm-c-e will not tamper with the setting.

Connections that were created by older versions of nm-c-e might be
unable to connect. The system-ca-certs option can be unset with:

  $ nmcli connection modify id "$ID" 802-1x.system-ca-certs false

https://bugzilla.gnome.org/show_bug.cgi?id=702608



Signed-off-by: default avatarThomas Haller <thaller@redhat.com>
parent 77216f3e
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment