File nm-openvpn-fix-importing-pkcs12-ca.patch of Package NetworkManager-openvpn.30670
From a8b64424a2d6078e8ee2347af9df2c61d1c6227a Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 6 Jul 2022 10:28:20 +0200
Subject: [PATCH] import: fix importing profiles with PKCS#12 CA
'have_ca' indicates whether we have an explicit CA cert; don't set it
when the CA is from a PKCS#12 file.
Without this fix, trying to import a profile with a PKCS#12 that
includes the CA certificate results in error:
"--ca can not be PKCS#12 format"
because we first set have_pkcs12=TRUE, have_ca=TRUE and then we check
that the CA is not in PKCS#12 format.
Fixes: 34a0c9257aac ("Handle the various pkcs12/cert/key/ca combinations.")
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/83
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/50
---
properties/import-export.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/properties/import-export.c b/properties/import-export.c
index 7c51a20..c3ace34 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -1297,10 +1297,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_PKCS12)) {
/* OpenVPN allows --pkcs12 with external (PEM) --ca. Don't overwrite it with the PKCS#12 file. */
- if (!have_ca) {
+ if (!have_ca)
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CA, file);
- have_ca = TRUE;
- }
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CERT, file);
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_KEY, file);
have_pkcs12 = TRUE;
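Review bot: After this change `have_ca` means "an explicit --ca was seen", but nothing in the PKCS#12 branch says so, and the existing comment covers only the don't-overwrite case, so a later edit could easily re-add `have_ca = TRUE` here. I would add a comment above the `if (!have_ca)` line, for example `/* have_ca tracks only an explicit --ca; leave it FALSE when the CA path comes from the PKCS#12 file. */`. The CA is the trust anchor used to verify the server, and the rest of do_import lies outside this hunk, so it is worth confirming that the later checks reading `have_ca` still behave as intended when it stays FALSE for a PKCS#12-only profile. It is also worth confirming that a `--ca` given before or after `--pkcs12` ends with the PEM file in NM_OPENVPN_KEY_CA. The commit touches only import-export.c, so an import test covering those three cases (PKCS#12 only, --ca first, --ca last) would keep the regression from returning.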
--
2.40.0