[Pkg-swan-devel] Bug#1004166: strongswan-nm: Creates VPN configs that disable using system CA certificate directories
Tobias Brunner
tobias at strongswan.org
Tue Jan 25 08:21:25 GMT 2022
Hi Daniel,
> Applying any change to any field in the
> NetworkManager strongswan VPN plugin config will write a text config
> file with the 'certificate=' line.
As I said, I can't reproduce this. I can change whatever in the GUI, no
"certificate=" line is added to the config file.
> Notice the missing 'certificate=' line. However, any change made in the
> GUI would restore the certificate= line as show below:
I don't see how. The GUI checks gtk_file_chooser_get_filename() and
only if that returns a value != NULL will "certificate" be written to
the config. That's why I was asking what the GUI actually displays in
that file chooser in your case.
According to the reference [1], NULL is returned "if no file is
selected, or the selected file can't be represented with a local
filename", I don't think an empty string should be returned.
> Alternatively, strongswan should
> assume 'certificate=' indicates the system certificates should be used.
Yes, we could add a check for an empty string, but the setting shouldn't
be there with an empty string in the first place.
Regards,
Tobias
[1] https://docs.gtk.org/gtk3/method.FileChooser.get_filename.html
More information about the Pkg-swan-devel
mailing list