Re: WPA Enterprise (EAP-TLS) system connection
- From: Rafał Lichwała <rafal siliconet pl>
- To: Dan Williams <dcbw redhat com>
- Cc: networkmanager-list gnome org
- Subject: Re: WPA Enterprise (EAP-TLS) system connection
- Date: Fri, 05 Dec 2008 14:25:20 +0100
Hi,
Below some details and updates about EAP-TLS wired connection problems
in Network Manager.
I was looking into source code for a while and that's what I found:
When I fill in all the certs (client cert, CA cert, client key - all in
PEM format) and then click "Apply" I have the following in console for
the nm-connection-editor:
#########################
** (nm-connection-editor:29948): WARNING **: Unhandled setting secret
type (write) '802-1x/private-key' : 'GArray_guchar_'
** (nm-connection-editor:29948): WARNING **: Unhandled setting secret
type (write) '802-1x/phase2-private-key' : 'GArray_guchar_'
** (nm-connection-editor:29948): WARNING **:
nma_gconf_connection_changed: Invalid connection
/system/networking/connections/4: 'NMSetting8021x' / 'client-cert'
invalid: 2
#########################
And no connection settings are stored.
I've also checked that "nma_gconf_connection_changed" function is called
in that case (in
network-manager-applet/src/gconf-helpers/nma-gconf-connection.c) and
function fails on:
utils_fill_connection_certs (gconf_connection);
I've checked this "utils_fill_connection_certs" function (in
network-manager-applet/src/utils/utils.c)
and it seems that getting file names for certificates entered by user in
dialogs does not work:
filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_CA_CERT_TAG);
filename = g_object_get_data (G_OBJECT (connection),
NMA_PATH_CLIENT_CERT_TAG);
filename = g_object_get_data (G_OBJECT (connection),
NMA_PATH_PHASE2_CA_CERT_TAG);
filename = g_object_get_data (G_OBJECT (connection),
NMA_PATH_PHASE2_CLIENT_CERT_TAG);
All these "filename" variables are NULL there.
The same in case I enter just client key in PKCS12 (in that case client
cert is disabled).
I'm not sure if I understand the source codes well, but I hope it's just
some hint to fix the problem :)
Cheers,
Rafal
Rafał Lichwała wrote:
Sorry for the confusion...
Some dependency packages were missing... :/
I remembered about "apt-get build-dep network-manager", but forgot about
"apt-get build-dep network-manager-applet" :/
I've installed them and network-manager-applet build is fine now! :)
So now I have NetworkManager svn4361 and network-manager-applet svn1053
installed, running and ready to test :)
Unfortunately EAP-TLS for wired connections still does not work (which
is the subject of this topic) :(
When I run nm-connection-editor in command line and try to create TLS
wired connection I have the following error messages:
################
** (nm-connection-editor:6664): WARNING **: Invalid setting 802.1x
Security: Invalid 802.1x security
** (nm-connection-editor:6664): WARNING **: Unhandled setting secret
type (write) '802-1x/private-key' : 'GArray_guchar_'
** (nm-connection-editor:6664): WARNING **: Unhandled setting secret
type (write) '802-1x/phase2-private-key' : 'GArray_guchar_'
** (nm-connection-editor:6664): WARNING **:
nma_gconf_connection_changed: Invalid connection
/system/networking/connections/2: 'NMSetting8021x' / 'client-cert'
invalid: 2
################
All the certs (client cert, client key and CA cert) are in PEM format
and stored in separate files.
Interesting thing is that after this try a connection file has been
created in:
/etc/NetworkManager/system-connections/test
("test" is a name of my test TLS wired connection).
and it seems to contain some valuable data.
But this connection settings are not visible in nm-connection-editor :(
There is only one (that was already there before my try) wired
connection named "Ifupdown (eth0)" which cannot be modified (all the UI
are disabled) and cannot be removed.
When I try to remove it I have "Removing connection failed:
nm-settings.c.333 - Read-only connections may not be deleted.."
Could you please take a look at the problem of creating TLS wired
connection? :)
Thanks!
Cheers,
Rafal
Rafał Lichwała wrote:
Dan Williams wrote:
Compile error should be fixed in svn4361 on both trunk and 0.7 stable
branches.
Thanks for this quick fix Dan! :)
NetworkManager build is fine now.
But network-manager-applet build is failing... :(
So I'm still not able to build "nm-connection-editor" (which is a part
of network-manager-applet) to test against EAP-TLS connection setup.
The build error is the following (network-manager-applet svn trunk
revision 1053):
###########
if /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H
-I. -I. -I../.. -I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0
-DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0
-I/usr/include/PolicyKit -I/usr/include/dbus-1.0
-I/usr/lib/dbus-1.0/include -DORBIT2=1 -pthread
-I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include
-I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include
-I/usr/include/NetworkManager -I/usr/include/libnm-glib
-I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include
-I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0
-I/usr/include/pixman-1 -I/usr/include/freetype2
-I/usr/include/libpng12 -I/usr/include/libglade-2.0
-I/usr/include/libxml2 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0
-I/usr/include/gnome-keyring-1 -Wall -Werror -std=gnu89 -g -O2
-Wshadow -Wmissing-declarations -Wmissing-prototypes
-Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter
-Wno-sign-compare -MT libpolkit_helpers_la-polkit-gnome-action.lo -MD
-MP -MF ".deps/libpolkit_helpers_la-polkit-gnome-action.Tpo" -c -o
libpolkit_helpers_la-polkit-gnome-action.lo `test -f
'polkit-gnome-action.c' || echo './'`polkit-gnome-action.c; \
then mv -f ".deps/libpolkit_helpers_la-polkit-gnome-action.Tpo"
".deps/libpolkit_helpers_la-polkit-gnome-action.Plo"; else rm -f
".deps/libpolkit_helpers_la-polkit-gnome-action.Tpo"; exit 1; fi
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I. -I../..
-I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0
-DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0
-I/usr/include/PolicyKit -I/usr/include/dbus-1.0
-I/usr/lib/dbus-1.0/include -DORBIT2=1 -pthread
-I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include
-I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include
-I/usr/include/NetworkManager -I/usr/include/libnm-glib
-I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include
-I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0
-I/usr/include/pixman-1 -I/usr/include/freetype2
-I/usr/include/libpng12 -I/usr/include/libglade-2.0
-I/usr/include/libxml2 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0
-I/usr/include/gnome-keyring-1 -Wall -Werror -std=gnu89 -g -O2
-Wshadow -Wmissing-declarations -Wmissing-prototypes
-Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter
-Wno-sign-compare -MT libpolkit_helpers_la-polkit-gnome-action.lo -MD
-MP -MF .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo -c
polkit-gnome-action.c -fPIC -DPIC -o
.libs/libpolkit_helpers_la-polkit-gnome-action.o
cc1: warnings being treated as errors
polkit-gnome-action.c: In function ‘_compute_polkit_result_direct’:
polkit-gnome-action.c:816: error:
‘polkit_context_can_caller_do_action’ is deprecated (declared at
/usr/include/PolicyKit/polkit/polkit-context.h:173)
polkit-gnome-action.c:827: error:
‘polkit_context_can_caller_do_action’ is deprecated (declared at
/usr/include/PolicyKit/polkit/polkit-context.h:173)
make[3]: *** [libpolkit_helpers_la-polkit-gnome-action.lo] Error 1
###########
PolicyKit stuff in Ubuntu 8.10 is in version 0.9-1
Is that possible to apply another quick fix to move the build forward? :)
Thanks!
Cheers,
Rafal
_______________________________________________
NetworkManager-list mailing list
NetworkManager-list gnome org
http://mail.gnome.org/mailman/listinfo/networkmanager-list
_______________________________________________
NetworkManager-list mailing list
NetworkManager-list gnome org
http://mail.gnome.org/mailman/listinfo/networkmanager-list
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
