diff options
Diffstat (limited to 'libnm-core/nm-setting-8021x.c')
-rw-r--r-- | libnm-core/nm-setting-8021x.c | 50 |
1 files changed, 34 insertions, 16 deletions
diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c index ade34ff554..0d614d4fa1 100644 --- a/libnm-core/nm-setting-8021x.c +++ b/libnm-core/nm-setting-8021x.c @@ -3576,15 +3576,18 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *klass) * Contains the CA certificate if used by the EAP method specified in the * #NMSetting8021x:eap property. * - * Certificate data is specified using a "scheme"; two are currently - * supported: blob and path. When using the blob scheme (which is backwards - * compatible with NM 0.7.x) this property should be set to the - * certificate's DER encoded data. When using the path scheme, this property - * should be set to the full UTF-8 encoded path of the certificate, prefixed - * with the string "file://" and ending with a terminating NUL byte. This - * property can be unset even if the EAP method supports CA certificates, + * Certificate data is specified using a "scheme"; three are currently + * supported: blob, path and pkcs#11 URL. When using the blob scheme this property + * should be set to the certificate's DER encoded data. When using the path + * scheme, this property should be set to the full UTF-8 encoded path of the + * certificate, prefixed with the string "file://" and ending with a terminating + * NUL byte. + * This property can be unset even if the EAP method supports CA certificates, * but this allows man-in-the-middle attacks and is NOT recommended. * + * Note that enabling NMSetting8021x:system-ca-certs will override this + * setting to use the built-in path, if the built-in path is not a directory. + * * Setting this property directly is discouraged; use the * nm_setting_802_1x_set_ca_cert() function instead. **/ @@ -3643,11 +3646,14 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *klass) * UTF-8 encoded path to a directory containing PEM or DER formatted * certificates to be added to the verification chain in addition to the * certificate specified in the #NMSetting8021x:ca-cert property. + * + * If NMSetting8021x:system-ca-certs is enabled and the built-in CA + * path is an existing directory, then this setting is ignored. **/ /* ---ifcfg-rh--- * property: ca-path - * variable: (none) - * description: The property is not handled by ifcfg-rh plugin. + * variable: IEEE_8021X_CA_PATH(+) + * description: The search path for the certificate. * ---end--- */ obj_properties[PROP_CA_PATH] = @@ -3964,15 +3970,18 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *klass) * in the #NMSetting8021x:phase2-auth or #NMSetting8021x:phase2-autheap * properties. * - * Certificate data is specified using a "scheme"; two are currently - * supported: blob and path. When using the blob scheme (which is backwards - * compatible with NM 0.7.x) this property should be set to the - * certificate's DER encoded data. When using the path scheme, this property - * should be set to the full UTF-8 encoded path of the certificate, prefixed - * with the string "file://" and ending with a terminating NUL byte. This - * property can be unset even if the EAP method supports CA certificates, + * Certificate data is specified using a "scheme"; three are currently + * supported: blob, path and pkcs#11 URL. When using the blob scheme this property + * should be set to the certificate's DER encoded data. When using the path + * scheme, this property should be set to the full UTF-8 encoded path of the + * certificate, prefixed with the string "file://" and ending with a terminating + * NUL byte. + * This property can be unset even if the EAP method supports CA certificates, * but this allows man-in-the-middle attacks and is NOT recommended. * + * Note that enabling NMSetting8021x:system-ca-certs will override this + * setting to use the built-in path, if the built-in path is not a directory. + * * Setting this property directly is discouraged; use the * nm_setting_802_1x_set_phase2_ca_cert() function instead. **/ @@ -4024,7 +4033,16 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *klass) * UTF-8 encoded path to a directory containing PEM or DER formatted * certificates to be added to the verification chain in addition to the * certificate specified in the #NMSetting8021x:phase2-ca-cert property. + * + * If NMSetting8021x:system-ca-certs is enabled and the built-in CA + * path is an existing directory, then this setting is ignored. **/ + /* ---ifcfg-rh--- + * property: phase2-ca-path + * variable: IEEE_8021X_PHASE2_CA_PATH(+) + * description: The search path for the certificate. + * ---end--- + */ obj_properties[PROP_PHASE2_CA_PATH] = g_param_spec_string (NM_SETTING_802_1X_PHASE2_CA_PATH, "", "", NULL, |