Re: Network-Manager 0.7.2 TLS problem

From: DAVID ZHOU <zhouwei926 gmail com>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: Network-Manager 0.7.2 TLS problem
Date: Wed, 11 Aug 2010 09:51:02 +0800

Hi Dan,

I checked the source code of network-manager-applet 0.7.2 and 0.8.1, find there are differences in eap-method-tls.c:

for the : setup_filepicker,

in 0.7.2:

static void
setup_filepicker (GladeXML *xml,
                  const char *name,
                  const char *title,
                  WirelessSecurity *parent,
                  EAPMethodTLS *method,
                  NMConnection *connection,
                  const char *tag)
{
GtkWidget *widget;
GtkFileFilter *filter;
const char *filename = NULL;
gboolean privkey = FALSE, client_cert = FALSE;

if (!strcmp (tag, NMA_PATH_PHASE2_PRIVATE_KEY_TAG) || !strcmp (tag, NMA_PATH_PRIVATE_KEY_TAG))
privkey = TRUE;
if (!strcmp (tag, NMA_PATH_PHASE2_CLIENT_CERT_TAG) || !strcmp (tag, NMA_PATH_CLIENT_CERT_TAG))
client_cert = TRUE;

widget = glade_xml_get_widget (xml, name);
g_assert (widget);
gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), title);

if (connection && tag) {
  filename = g_object_get_data (G_OBJECT (connection), tag);
  if (filename)
   gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
}

/* Connect a special handler for private keys to intercept PKCS#12 key types
* and desensitize the user cert button.
*/
if (privkey) {
  g_signal_connect (G_OBJECT (widget), "selection-changed",
                    (GCallback) private_key_picker_file_set_cb,
                    method);
  if (filename)
   private_key_picker_helper ((EAPMethod *) method, filename, FALSE);
}

g_signal_connect (G_OBJECT (widget), "selection-changed",
(GCallback) wireless_security_changed_cb,
parent);

filter = eap_method_default_file_chooser_filter_new (privkey);
gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);

/* For some reason, GTK+ calls set_current_filter (..., NULL) from
* gtkfilechooserdefault.c::show_and_select_files_finished_loading() on our
* dialog; so force-reset the filter to what we want it to be whenever
* it gets cleared.
*/
if (client_cert)
g_signal_connect (G_OBJECT (widget), "notify::filter", (GCallback) reset_filter, filter);
}

and in 0.8.1: there is a path funtion in it:

static void
setup_filepicker (GladeXML *xml,
                  const char *name,
                  const char *title,
                  WirelessSecurity *parent,
                  EAPMethodTLS *method,
                  NMSetting8021x *s_8021x,
                  SchemeFunc scheme_func,
                  PathFunc path_func,
                  gboolean privkey,
                  gboolean client_cert)
{
GtkWidget *widget;
GtkFileFilter *filter;
const char *filename = NULL;

if (s_8021x && path_func && scheme_func) {
  if (scheme_func (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH) {
   filename = path_func (s_8021x);
   if (filename)
    gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
  }
}

g_signal_connect (G_OBJECT (widget), "selection-changed",
(GCallback) wireless_security_changed_cb,
parent);

filter = eap_method_default_file_chooser_filter_new (privkey);
gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);

If I want to add the path function to the 0.7.2, could you please give me some support on how to do it ? Thanks!

2010/8/11 DAVID ZHOU <zhouwei926 gmail com>

Hi Dan,

It is a .p12 file for sercurity key and .crt file for CA.

2010/8/11 Dan Williams <dcbw redhat com>

On Tue, 2010-08-10 at 09:19 +0800, DAVID ZHOU wrote:
> Hi Dan,
>
> Thanks very much ! Here is my debug output. My steps is :
>
> 1. launch nm-connection-editor through the terminor and add a
> connection, input the fields I mentioned in the previous mail. Close
> it.

What are the top few lines of your private key? Is it a .PEM file,
a .pk12 file, or a .der file? It appears that nm-connection-editor is
not able to determine the private key type, which is used to verify that
the password you enter will actually unlock the private key you've
specified.

For example, an old-style openssl RSA private key starts like this:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5FA2D6D6242C26D0

PKCS#12 and DER files are actually binary and won't have this header,
but it would be useful to know what kind of key yours is so we can make
sure that it's supported.

Dan

> 2. Re-launch the nm-connection editor again and check the connection.
>
> 3. the debug output
> davidzhou debianzhouwei:~$ nm-connection-editor
> (nm-connection-editor:19238): GLib-CRITICAL **: g_hash_table_foreach:
> assertion `hash_table != NULL' failed
> ** (nm-connection-editor:19238): WARNING **: nm_connection_list_new:
> failed to load VPN plugins: Couldn't read VPN .name files
> directory /etc/NetworkManager/VPN.
> (nm-connection-editor:19238): libglade-WARNING **: unknown property
> `orientation' for class `GtkVBox'
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless:
> ssid
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless:
> ssid
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Error: couldn't verify
> private key: 3 Unable to determine private key type.
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Error: couldn't verify
> private key: 3 Unable to determine private key type.
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Error: couldn't verify
> private key: 3 Unable to determine private key type.
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Error: couldn't verify
> private key: 3 Unable to determine private key type.
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Error: couldn't verify
> private key: 3 Unable to determine private key type.
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): WARNING **: Error: couldn't verify
> private key: 3 Unable to determine private key type.
> ** (nm-connection-editor:19238): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
> ** (nm-connection-editor:19238): CRITICAL **:
> crypto_get_private_key_data: assertion `password != NULL' failed
> davidzhou debianzhouwei:~$ nm-connection-editor
> (nm-connection-editor:19302): GLib-CRITICAL **: g_hash_table_foreach:
> assertion `hash_table != NULL' failed
> ** (nm-connection-editor:19302): WARNING **: nm_connection_list_new:
> failed to load VPN plugins: Couldn't read VPN .name files
> directory /etc/NetworkManager/VPN.
> (nm-connection-editor:19302): libglade-WARNING **: unknown property
> `orientation' for class `GtkVBox'
> ** (nm-connection-editor:19302): WARNING **: Invalid setting Wireless
> Security: Invalid wireless security
>
>
>
>
> 2010/8/10 Dan Williams <dcbw redhat com>
> On Mon, 2010-08-09 at 14:20 +0800, DAVID ZHOU wrote:
> > Hi,
> > I am using Debian Lenny with Network-Manager 0.7.2
> > Here is the problem I am currently meet:
> >
> > Use System--->Preference--->Network Connections to add a
> wireless
> > connection, and I use WPA/WPA2 Enterprices, TLS, after I
> input
> > identities,
> > select the right CA file and Private Key file, password.
> After that I
> > close the Network Connections Dialogue. Then reopen the
> Dialogue, only
> > find that the CA file path and Private Key file path is
> missing. As
> > the followed picture shown.
>
>
> Can you run 'nm-connection-editor' in a terminal, reproduce
> the problem
> in the editor, and then reply with the debug output from that
> terminal?
> That might give us a better idea of what's going on.
>
> Dan
>
>

Follow-Ups:
- Re: Network-Manager 0.7.2 TLS problem
  - From: Dan Williams

References:
- Network-Manager 0.7.2 TLS problem
  - From: DAVID ZHOU
- Re: Network-Manager 0.7.2 TLS problem
  - From: Dan Williams
- Re: Network-Manager 0.7.2 TLS problem
  - From: DAVID ZHOU
- Re: Network-Manager 0.7.2 TLS problem
  - From: Dan Williams
- Re: Network-Manager 0.7.2 TLS problem
  - From: DAVID ZHOU

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]