GNOME Bugzilla – Bug 763578
doesn't recognize WPA* Enterprise private key file with .p12 extension
Last modified: 2016-06-09 02:12:46 UTC
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817903 Package: network-manager Version: 1.1.91-1 Severity: normal Dear Maintainer, I want to configure a wireless connection provided by my institution --- meaning that I have no degrees of freedom in what I have to do to complete the procedure. That said, the institution gives me two files, a CA certificate ca.pem and a private key file with an associated private key wifiCert.p12 I had placed those files in a generic subfolder (~/Documents/.certificates) and then I tried to configure the connection using Network Manager. I access the Network Connections window, I Add a new (wireless) connection, in the Editing New Connection window I access the Wi-Fi Security tab, select WPA & WPA2 Enterprise from the Security menu, I use the CA Certificate menu to access the ~/Documents/.certificates folder, I'm shown the ca.pem file, I select it and proceed, using the Private key menu, I access ~/Documents/.certificates, at the bottom I see the list of correct file extensions (comprising the .p12 extension!) but the file wifiCert.p12 is not shown (no file at all is shown as selectable). At his point I cannot complete the configuration. I have to mention that this is a new laptop (my previuos laptop has been stolen) and that on my previous laptop I configured the same wireless network w/o any problem. Previous laptop, btw, was running sid as well.
I'm also affected by this bug. Launching nm-connection-editor from terminal will show the following output while opening the GtkFileChooserDialog to select the wifiCert.p12 key: (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed Additional info: * package version(s) networkmanager 1.2.0-3 nm-connection-editor 1.2.0-1 network-manager-applet 1.2.0-1 Steps to reproduce: 1) Launch nm-connection editor and add a new wifi connection (or connect to a wpa enterpise network) 2) in the WiFi-Security tab select "Wpa & Wpa2 Enterprise" Security and then TLS as authentication 3) click on Private Key
Created attachment 327763 [details] [review] [PATCH] wireless-security: fix failed assertion in default_filter_privkey() This patch should fix the issue.
(In reply to Beniamino Galvani from comment #2) > Created attachment 327763 [details] [review] [review] > [PATCH] wireless-security: fix failed assertion in default_filter_privkey() > > This patch should fix the issue. This patch looks right to me. But it's actually a bug in libnm. Fixed on master: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=81499355b049fffadfa6576bbcd2d2fb9fac9d13 nm-1-2: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=9a37d1d970bf5bf1aab35468aabccb8cbfe2a39b
Fixed also in nm-applet, so that this will work also when using old libnm versions: https://git.gnome.org/browse/network-manager-applet/commit/?id=8e60431a7d6fc4c5545e58464e10b9131cbd3e6a https://git.gnome.org/browse/network-manager-applet/commit/?h=nma-1-2&id=037c5721d89b20c46ecc53e05d9867fd4d969412
there are similar reports on ubuntu and they suggest that the fix resolves the .p12 case doesn't work for .pem or .key files, should a new bug be open about those?
(In reply to Sebastien Bacher from comment #5) > there are similar reports on ubuntu and they suggest that the fix resolves > the .p12 case doesn't work for .pem or .key files, should a new bug be open > about those? hi, if those issue also exhibit (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed it's the same bug and should be alredy fixed. Did those users get the upstream fix? If not, it's a different bug. Let's keep them separate.
> if those issue also exhibit > (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: > assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed > it's the same bug and should be alredy fixed. Did those users get the upstream > fix? no such warning, we backported the nm-applet fix but didn't land the n-m one yet, unsure if that makes a different. I've tried by downloading that key http://fm4dd.com/openssl/source/PEM/keys/512b-rsa-example-keypair.pem using that testcase "1. Click on Connections icon in status panel 2. Click on Edit connections 3. Select Wired connection 4. Go to 802.1x tab 5. Check the Use 802.1X checkbox 6. Choose TLS 7. Click on Secret key button 8. In file chooser navigate to the folder where key is located and try to select key file - the list is empty" I'm going to try with nm 1.2.2 to make sure and report a new bug if that's still an issue there
(In reply to Sebastien Bacher from comment #7) > 8. In file chooser navigate to the folder where key is located and try to > select key file - the list is empty" I just tested that with nm-applet from current master, and the file was there and I could select it.