Re: PATCH: passwordless TLS openvpn fails to connect with "no VPN secrets"

On Mon, 2009-12-21 at 02:10 -0300, Federico Heinz wrote:
> The openVPN plugin for NetworkManager fails to connect to a passwordless TLS
> server, complaining of "no VPN secrets". This happened because the code assumes
> that only static-key servers use no secrets, which isn't true. Only password
> and password+TLS require secrets.

We'd need a bit more than that unfortunately.  First, openvpn assumes
that the TLS private key will have a password protecting it, in which
case the patch isn't required.  Second, if we do want to allow
unencrypted private keys (a security hole) then we'd need code to verify
that the private key the user has picked is indeed unencrypted before
letting the UI enable the OK button.  Any chance you'd be willing to
work on that patch?  Most of the code to do that is lying around since
nm-applet needs to do the same thing for 802.1x TLS.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]