From 0812413c9d495488155feb0427f807e51400345a Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Fri, 7 Apr 2017 16:47:44 +0200
Subject: [PATCH] ifcfg-rh: fix loading the PKCS#11 client certificate

Contrary to the comment above, the reader would skip the client certificate
even if the key is on PKCS#11 token, not just in a PKCS#12 archive.
---
 src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index ee96feea89..6282d22abd 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -2794,8 +2794,7 @@ eap_tls_reader (const char *eap_method,
 	 * then nm_setting_802_1x_set_private_key() already set the client certificate
 	 * to the same value as the private key.
 	 */
-	if (   privkey_format == NM_SETTING_802_1X_CK_FORMAT_RAW_KEY
-	    || privkey_format == NM_SETTING_802_1X_CK_FORMAT_X509) {
+	if (privkey_format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
 		gs_free char *real_cert_value = NULL;
 		gs_free char *client_cert = NULL;