Re: PATCH: passwordless TLS openvpn fails to connect with "no VPN secrets"

From: Dan Williams <dcbw redhat com>
To: Federico Heinz <fheinz vialibre org ar>
Cc: networkmanager-list gnome org
Subject: Re: PATCH: passwordless TLS openvpn fails to connect with "no VPN secrets"
Date: Wed, 20 Jan 2010 12:58:44 -0800

On Mon, 2009-12-21 at 02:10 -0300, Federico Heinz wrote:
> The openVPN plugin for NetworkManager fails to connect to a passwordless TLS
> server, complaining of "no VPN secrets". This happened because the code assumes
> that only static-key servers use no secrets, which isn't true. Only password
> and password+TLS require secrets.
> 
> https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/453807

We'd need a bit more than that unfortunately.  First, openvpn assumes
that the TLS private key will have a password protecting it, in which
case the patch isn't required.  Second, if we do want to allow
unencrypted private keys (a security hole) then we'd need code to verify
that the private key the user has picked is indeed unencrypted before
letting the UI enable the OK button.  Any chance you'd be willing to
work on that patch?  Most of the code to do that is lying around since
nm-applet needs to do the same thing for 802.1x TLS.

Dan

Follow-Ups:
- Re: PATCH: passwordless TLS openvpn fails to connect with "no VPN secrets"
  - From: Federico Heinz

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]