Commit 90517f1b authored by Beniamino Galvani's avatar Beniamino Galvani

ifcfg-rh: write client certificate even if it is pkcs12

The writer should only persist properties without too much additional
logic, which should be instead embedded in the setting itself.

(cherry picked from commit a995244e)
(cherry picked from commit 5a5cd8d0)
parent c71b4726
...@@ -3156,10 +3156,6 @@ eap_tls_reader (const char *eap_method, ...@@ -3156,10 +3156,6 @@ eap_tls_reader (const char *eap_method,
&client_cert, &client_cert,
error)) error))
return FALSE; return FALSE;
/* FIXME: writer does not actually write IEEE_8021X_CLIENT_CERT_PASSWORD and other
* certificate related passwords. It should, because otherwise persisting such profiles
* to ifcfg looses information. As this currently only matters for PKCS11 URIs, it seems
* a seldom used feature so that it is not fixed yet. */
_secret_set_from_ifcfg (s_8021x, _secret_set_from_ifcfg (s_8021x,
ifcfg, ifcfg,
keys_ifcfg, keys_ifcfg,
...@@ -358,23 +358,13 @@ write_8021x_certs (NMSetting8021x *s_8021x, ...@@ -358,23 +358,13 @@ write_8021x_certs (NMSetting8021x *s_8021x,
if (!write_object (s_8021x, ifcfg, secrets, blobs, otype, error)) if (!write_object (s_8021x, ifcfg, secrets, blobs, otype, error))
return FALSE; return FALSE;
/* Client certificate */ /* Save the client certificate */
if (otype->vtable->format_func (s_8021x) == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { if (!write_object (s_8021x, ifcfg, secrets, blobs,
/* Don't need a client certificate with PKCS#12 since the file is both phase2
* the client certificate and the private key in one file. ? &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_CLIENT_CERT]
*/ : &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_CLIENT_CERT],
svSetValueStr (ifcfg, error))
phase2 ? "IEEE_8021X_INNER_CLIENT_CERT" : "IEEE_8021X_CLIENT_CERT", return FALSE;
} else {
/* Save the client certificate */
if (!write_object (s_8021x, ifcfg, secrets, blobs,
? &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_CLIENT_CERT]
: &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_CLIENT_CERT],
return FALSE;
return TRUE; return TRUE;
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment