nm: Make global CA directory configurable

3 files changed, 6 insertions, 1 deletions

diff --git a/conf/Makefile.am b/conf/Makefile.am
index 146ccf177..4588b0999 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -13,6 +13,7 @@ options = \
 	options/attest.opt \
 	options/charon.opt \
 	options/charon-logging.opt \
+	options/charon-nm.opt \
 	options/charon-systemd.opt \
 	options/imcv.opt \
 	options/imv_policy_manager.opt \
diff --git a/conf/options/charon-nm.opt b/conf/options/charon-nm.opt
new file mode 100644
index 000000000..6372934bd
--- /dev/null
+++ b/conf/options/charon-nm.opt
@@ -0,0 +1,3 @@
+charon-nm.ca_dir = <default>
+	Directory from which to load CA certificates if no certificate is
+	configured.
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 8248d364f..c4dd9e05b 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -396,7 +396,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 	else
 	{
 		/* no certificate defined, fall back to system-wide CA certificates */
-		priv->creds->load_ca_dir(priv->creds, NM_CA_DIR);
+		priv->creds->load_ca_dir(priv->creds, lib->settings->get_str(
+								 lib->settings, "charon-nm.ca_dir", NM_CA_DIR));
 	}
 	if (!gateway)
 	{