Description of problem:

When trying to connect to an OpenVPN connection from NetworkManager, /var/log/messages says:

nm-openvpn TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Note that I can connect with the command-line version of openvpn just fine.

Some searching on Google reveals that NM adds

> g_ptr_array_add (openvpn_argv, (gpointer) "--ns-cert-type");
> g_ptr_array_add (openvpn_argv, (gpointer) "server");

when calling OpenVPN, which causes it to fail (many) certificates. The server I'm connecting to is an appliance, so it is unlikely that I'll be able to change the certs to get around this issue.

Note that Ubuntu considered this to be a bug, and fixed it last year by adding a user-configurable option:

https://bugs.launchpad.net/network-manager-openvpn/+bug/94788

"Introduced a new configuration option enabling users to turn off the check for a proper `nsCertType=server' extension bit set in the server's certificate. (LP: #94788)"

Version-Release number of selected component (if applicable):

NetworkManager-0.7.0-0.9.4.svn3675.fc9.i386
NetworkManager-openvpn-0.7.0-14.svn3632.fc9.i386
openvpn-2.1-0.26.rc8.fc9.i386
NetworkManager-vpnc-0.7.0-0.7.7.svn3627.fc9.i386
NetworkManager-glib-0.7.0-0.9.4.svn3675.fc9.i386
NetworkManager-gnome-0.7.0-0.9.4.svn3675.fc9.i386

How reproducible:

always

Steps to Reproduce:

1. setup connection with X509 certs + password
2. try to connect
3.

Actual results:

error above

Expected results:

connect

Additional info:

I agree with the Ubuntu folks that this should be a user-configurable option. Too bad their patch didn't get into upstream for NM. IIRC NM is developed by RH, so I'm hoping someone here could push it up. Thanks!
That bit of code has already been removed upstream in SVN for both stable and development branches actually :)
Sorry, does that (stable) mean that it's already in Fedora 9, or only in rawhide? If not in 9, will there be an update soon? If it is already in 9, then am I experiencing a different problem? Thanks!
There are test builds in Koji, but they haven't been pushed to testing yet because Warren really, really wants VPN passwords converted.
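For the `--ns-cert-type server` check described in the report at the top of this thread, the following added example (not code from NetworkManager, OpenVPN or anyone in this thread) walks a DER-encoded certificate and reports whether it carries the Netscape certificate-type extension with the server bit set, which is the condition that option enforces. The function names are hypothetical, and the sample bytes are a constructed stand-in for a certificate's extension list, not a real certificate.

```python
NS_CERT_TYPE_OID = bytes.fromhex("6086480186f8420101")  # OID 2.16.840.1.113730.1.1
NS_SSL_SERVER = 0x40  # BIT STRING bit 1; bit 0 (0x80) is SSL client

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content, pos=0):
    """Yield (tag, body) for each element inside a constructed element."""
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

def ns_cert_type_bits(der):
    """Return the nsCertType flag byte, or None when the extension is absent."""
    stack = [der]
    while stack:
        for tag, body in children(stack.pop()):
            kids = list(children(body)) if tag & 0x20 else []  # only constructed nest
            if kids and kids[0] == (0x06, NS_CERT_TYPE_OID) and kids[-1][0] == 0x04:
                itag, bits, _ = read_tlv(kids[-1][1], 0)  # BIT STRING in extnValue
                if itag != 0x03 or len(bits) < 2:
                    raise ValueError("malformed nsCertType value")
                return bits[1]  # bits[0] is the unused-bit count
            if kids:
                stack.append(body)
    return None

def passes_ns_cert_type_server(der):
    """True only when the extension is present and its server bit is set."""
    return ((ns_cert_type_bits(der) or 0) & NS_SSL_SERVER) != 0

def tlv(tag, content):  # short-form encoder, used only to build the samples
    return bytes([tag, len(content)]) + content

def sample_extensions(flags=None):
    """Constructed [3] extensions block: basicConstraints plus optional nsCertType."""
    exts = tlv(0x30, tlv(0x06, bytes.fromhex("551d13")) + tlv(0x04, tlv(0x30, b"")))
    if flags is not None:  # flags must be non-zero
        unused = (flags & -flags).bit_length() - 1  # trailing zero bits
        value = tlv(0x04, tlv(0x03, bytes([unused, flags])))
        exts += tlv(0x30, tlv(0x06, NS_CERT_TYPE_OID) + value)
    return tlv(0xA3, tlv(0x30, exts))
```

To test a real server certificate, pass its DER bytes to `passes_ns_cert_type_server` (for a PEM file, base64-decode the body between the BEGIN and END lines first).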