NetworkManager

mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-06-06 03:38:32 +02:00

History

Jiří Klimeš 640eb8f284 supplicant: allow with_system_ca_path to be a file name (rh #1236548 ) NetworkManager uses wpa_supplicant, which in turn calls OpenSSL for verifying certificates. wpa_supplicant calls SSL_CTX_load_verify_locations(ctx, CAfile, CApath) using its ca_cert and ca_path options as CAfile and CApath parameters. We have a configure time option with_system_ca_path to override ca_path. However, it doesn't work when a system (like Fedora) only uses bundled PEM certificates instead of a directory with hashed certificates ([1], [2]). So this commit allows setting --with_system_ca_path to a file name (the trusted certificate bundle). Then the name is used to populate wpa_supplicant's ca_cert instead of ca_path. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1053882 [2] https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/ https://bugzilla.redhat.com/show_bug.cgi?id=1236548	2015-07-08 17:07:02 +02:00
..
fedora	supplicant: allow with_system_ca_path to be a file name (rh #1236548 )	2015-07-08 17:07:02 +02:00
scripts	nm-import-openvpn: import 'float' OpenVPN option	2015-05-28 12:04:58 +02:00

Jiří Klimeš 640eb8f284 supplicant: allow with_system_ca_path to be a file name (rh #1236548 )

NetworkManager uses wpa_supplicant, which in turn calls OpenSSL for verifying
certificates. wpa_supplicant calls
SSL_CTX_load_verify_locations(ctx, CAfile, CApath)
using its ca_cert and ca_path options as CAfile and CApath parameters.

We have a configure time option with_system_ca_path to override ca_path.
However, it doesn't work when a system (like Fedora) only uses bundled PEM
certificates instead of a directory with hashed certificates ([1], [2]).

So this commit allows setting --with_system_ca_path to a file name (the
trusted certificate bundle). Then the name is used to populate wpa_supplicant's
ca_cert instead of ca_path.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1053882
[2] https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/

https://bugzilla.redhat.com/show_bug.cgi?id=1236548

2015-07-08 17:07:02 +02:00

fedora

supplicant: allow with_system_ca_path to be a file name (rh #1236548 )

2015-07-08 17:07:02 +02:00

scripts

nm-import-openvpn: import 'float' OpenVPN option

2015-05-28 12:04:58 +02:00