On Monday 14 of September 2015 12:51:01 Jirka Klimes wrote:
> On Mon, 14 Sep 2015 10:36:59 +0200
>
> Jan Grulich <jgrulich redhat com> wrote:
> > Hi,
> >
> > I'm trying to improve our WPA/WPA2 Enterprise support in KDE and I
> > have few questions regarding 802-11x security setting.
> >
> > 1) When phase2-foo properties should be used instead of just foo
> > properties (e.g phase2-private-key/private-key) ? In implementation
> > of gnome-applet I see they are used when phase2 property is set to
> > true, but it's always set to false as I can see.
>
> phase2-foo properties are used for EAP methods that have 2 phases. In
> the first phase a tunnel is established, and then, in phase 2, the
> authentication is done inside the tunnel using the inner method that
> uses the phase2 properties.
> NM uses that for PEAP, TTLS and FAST EAP methods for which you can
> specify inner methods.
>
> I am not aware of gnome-shell applet implementation. You can look at
> nm-applet/nm-connection-editor code here:
> https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/eap-method.c
> https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/eap-method-peap.c

I actually meant nm-applet and not gnome-applet.
I see only phase2_auth property used in PEAP, FAST PEAP and TTLS, but in TLS there are other phase2-foo properties used only when parent->phase2 is true. I just don't understand why this property is always set to false in https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/wireless-security.c by passing false as third parameter to eap_method_tls_new (line 428).
Is there any place where this property gets changed?

> > 2) Are subjectMatch/altSubjectMatch properties still valid and used?
> > I don't see this implemented in gnome-applet, but we had this
> > implemented in the old KDE networkmanagement applet. I'm asking
> > because we got a bug report about missing implementation of these
> > properties for the new applet and I would like to be sure how this
> > should be implemented.
> > https://developer.gnome.org/NetworkManager/1.0/ref-settings.html
>
> Yes, the properties are valid and used for matching the certificates.
> They are passed to wpa_supplicant that performs the certificates
> matching.
> http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/supplicant-manager/nm-supplicant-config.c#n971
>
> It seems that nm-connection-editor/nm-applet did not handle the
> properties. But they can be set via nmcli.
>
> Jirka
>

Regards, Jan
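
Added example, not part of the original message and not NetworkManager or applet code: a small audit of a NetworkManager keyfile's `[802-1x]` section for the certificate-matching and phase 2 properties discussed in this thread. The keyfile content is constructed, `audit_8021x` and `split_list` are hypothetical helper names, and the property names (`ca-cert`, `ca-path`, `system-ca-certs`, `subject-match`, `altsubject-matches`, `phase2-auth`, `phase2-autheap`) are assumed to follow the NetworkManager settings reference.

```python
import configparser

# Constructed sample keyfile (not from the thread): PEAP with an inner method.
SAMPLE_KEYFILE = """\
[connection]
id=corp-wifi
type=wifi

[802-1x]
eap=peap;
identity=alice
ca-cert=/etc/ssl/certs/corp-radius-ca.pem
altsubject-matches=DNS:radius.example.com;
phase2-auth=mschapv2
"""

# EAP methods the thread names as having an inner (phase 2) method.
TUNNELLED = {"peap", "ttls", "fast"}


def split_list(value):
    """Keyfile lists are ';'-separated, usually with a trailing ';'."""
    return [v.strip() for v in (value or "").split(";") if v.strip()]


def audit_8021x(keyfile_text):
    """Return findings about server-certificate checks in the [802-1x] section."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(keyfile_text)
    if not cp.has_section("802-1x"):
        return ["no 802-1x section"]
    s = cp["802-1x"]
    eap = set(split_list(s.get("eap")))
    findings = []
    if not (s.get("ca-cert") or s.get("ca-path")
            or s.getboolean("system-ca-certs", fallback=False)):
        findings.append("no CA configured: server certificate is not verified")
    if not (s.get("subject-match") or split_list(s.get("altsubject-matches"))):
        findings.append("no subject-match/altsubject-matches: server name not pinned")
    if eap & TUNNELLED:
        if not (s.get("phase2-auth") or s.get("phase2-autheap")):
            findings.append("tunnelled method without phase2-auth/phase2-autheap")
    else:
        stray = sorted(k for k in s if k.startswith("phase2-"))
        if stray:
            findings.append("phase2-* set without a tunnelled method: " + ", ".join(stray))
    return findings


if __name__ == "__main__":
    print(audit_8021x(SAMPLE_KEYFILE) or "no findings")
```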