Re: Interactive certificate dialog?
- From: Matthew Saltzman <mjs clemson edu>
- To: Dan Williams <dcbw redhat com>
- Cc: NetworkManager-list <NetworkManager-list gnome org>
- Subject: Re: Interactive certificate dialog?
- Date: Mon, 02 Nov 2009 20:08:51 -0500
On Mon, 2009-11-02 at 13:11 -0800, Dan Williams wrote:
> On Thu, 2009-10-29 at 14:52 -0400, Matthew Saltzman wrote:
> > My employer's wireless system is undergoing maintenance and information
> > about our SSL certificate for WPA has changed. On Windows, when you are
> > offered an untrusted certificate, there is a pop-up dialog asking you
> > whether to accept the certificate or not. In NetworkManager, the
> > connection simply fails with no indication of what the problem is.
> > In my case, the solution is to hunt down a source for the appropriate
> > certificate, copy it into /etc/pki/tls/certs, and set NM to point to
> > that file for its cert.
> > Would it be possible for NM to enter into a dialog with the user about
> > accepting the certificate? If that's not acceptable, would it at least
> > be possible to provide a more informative message about the cause for
> > the connection failure?
> This is my bright rosy future. A system certificate store.
> Unfortunately, we're not there yet. Here's why.
> 1) wpa_supplicant doesn't communicate certificate validation failures
> (or any failures really) up to the caller. Thus, unless we screenscrape
> the supplicant debug output, we have no way of finding out that the
> failure was because the CA certificate validation failed.
> 2) Even if we could do that, we don't have a mechanism for the
> supplicant to send the received CA certificate back up to the caller
> (i.e., NM) so that NM could proxy it to userspace for the user to look at.
> Even just fixing #1 so that we know what the problem is would be
> awesome. We'll get there, it'll just take some time and fixes to the
OK Thanks. I'll be watching for it....
Clemson University Math Sciences
mjs AT clemson DOT edu