mirror of
https://github.com/linux-system-roles/network.git
synced 2026-01-23 02:15:17 +00:00
b10a4956e6
https://issues.redhat.com/browse/RHEL-87511 The `system_ca_certs: true` flag in NM tells wpa_supplicant to load the legacy single‑file CA bundle (historically at /etc/pki/tls/cert.pem). Under CentOS Stream 9 (and RHEL 8), that path existed (either as a file or a symlink to the bundle), so the default “system” loading worked. On CentOS Stream 10 (RHEL 10), Red Hat switched to a hashed directory trust store and removed `/etc/pki/tls/cert.pem` to optimize OpenSSL performance as indicated in https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10-beta/html/10.0_beta_release_notes/removed-features and https://issues.redhat.com/browse/RHEL-50293. wpa_supplicant's "system_ca_certs" code still tries the old cert.pem path, sees "No such file or directory" and aborts the TLS setup: ``` OpenSSL: tls_connection_ca_cert - Failed to load root certificates - No such file or directory EAP‑TLS: Failed to initialize SSL. ``` Hence `system_ca_certs: true` silently fails on Stream 10 because there is no longer a single‑file CA bundle at that location. The new ansible-lint does not like variables in play names. Signed-off-by: Rich Megginson <rmeggins@redhat.com>
7 lines
167 B
YAML
7 lines
167 B
YAML
# SPDX-License-Identifier: BSD-3-Clause
|
|
---
|
|
- name: Run the tasklist
|
|
hosts: all
|
|
tasks:
|
|
- name: Include the task '{{ task }}'
|
|
include_tasks: "{{ task }}"
|