Commit ba7cf175 Don't force PreventInvalidCert setting

David Woodhouse dwmw2 at infradead.org
Fri May 5 10:35:30 PDT 2023



On 5 May 2023 17:55:57 BST, Daniel Lenski <dlenski at gmail.com> wrote:
>On Fri, May 5, 2023 at 5:25 AM Grant Williamson <traxtopel at gmail.com> wrote:
>> It appears I have an issue when attempting to edit an existing
>> connection using the "copr build ba7cf175", as a WARNING message is
>> displayed in the terminal indicating that "ca.pem uses an unknown
>> scheme". Will not add/import or save the ca.pem to the vpn
>> configuration.

The "unknown scheme" thing is what happens when you try to set a bare pathname and it's expecting a URI starting with file://

I fixed this for the client certs when merging
https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/92e93976264e69cee708a13d3f4f7006d7a2593b
but perhaps we need to fix the CA too?

>Are you referring specifically to this change in the
>NetworkManager-openconnect plugin?
>(https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/ba7cf175)
>
>> However, when using the "nmcli" command to add the "ca.pem" file to the connection, there are no issues, and a similar "ca.pem" file is successfully used for wireless connections without encountering the warning message.
>
>I suspect that this is related to
>https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/issues/66
>
>When attempting to choose a cert in the GUI, but not when using
>'nmcli', it forcibly prepends the user's $HOME to the front of the
>cert path.

I think this should be working in nm-connection-editor now; I tested it yesterday. In gnome-control-center it lets you select a PKCS#11 token but won't show you any objects therein.


