mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-07 00:31:11 +00:00
640eb8f284
NetworkManager uses wpa_supplicant, which in turn calls OpenSSL for verifying certificates. wpa_supplicant calls SSL_CTX_load_verify_locations(ctx, CAfile, CApath) using its ca_cert and ca_path options as CAfile and CApath parameters. We have a configure time option with_system_ca_path to override ca_path. However, it doesn't work when a system (like Fedora) only uses bundled PEM certificates instead of a directory with hashed certificates ([1], [2]). So this commit allows setting --with_system_ca_path to a file name (the trusted certificate bundle). Then the name is used to populate wpa_supplicant's ca_cert instead of ca_path. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1053882 [2] https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/ https://bugzilla.redhat.com/show_bug.cgi?id=1236548 |
||
---|---|---|
.. | ||
fedora | ||
scripts |