Commit a995244e authored by Beniamino Galvani's avatar Beniamino Galvani

ifcfg-rh: write client certificate even if it is pkcs12

The writer should only persist properties without too much additional
logic, which should be instead embedded in the setting itself.
parent 3a4a09b6
......@@ -3117,10 +3117,6 @@ eap_tls_reader (const char *eap_method,
&client_cert,
error))
return FALSE;
/* FIXME: writer does not actually write IEEE_8021X_CLIENT_CERT_PASSWORD and other
* certificate related passwords. It should, because otherwise persisting such profiles
* to ifcfg looses information. As this currently only matters for PKCS11 URIs, it seems
* a seldom used feature so that it is not fixed yet. */
_secret_set_from_ifcfg (s_8021x,
ifcfg,
keys_ifcfg,
......
......@@ -345,23 +345,13 @@ write_8021x_certs (NMSetting8021x *s_8021x,
if (!write_object (s_8021x, ifcfg, secrets, blobs, otype, error))
return FALSE;
/* Client certificate */
if (otype->vtable->format_func (s_8021x) == NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
/* Don't need a client certificate with PKCS#12 since the file is both
* the client certificate and the private key in one file.
*/
svSetValueStr (ifcfg,
phase2 ? "IEEE_8021X_INNER_CLIENT_CERT" : "IEEE_8021X_CLIENT_CERT",
NULL);
} else {
/* Save the client certificate */
if (!write_object (s_8021x, ifcfg, secrets, blobs,
phase2
? &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_CLIENT_CERT]
: &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_CLIENT_CERT],
error))
return FALSE;
}
/* Save the client certificate */
if (!write_object (s_8021x, ifcfg, secrets, blobs,
phase2
? &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_CLIENT_CERT]
: &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_CLIENT_CERT],
error))
return FALSE;
return TRUE;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment