After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 489091 - Store certificate contents rather than pathname
Store certificate contents rather than pathname
Status: RESOLVED DUPLICATE of bug 719982
Product: NetworkManager
Classification: Platform
Component: nm-applet
git master
Other All
: Normal minor
: ---
Assigned To: Dan Williams
NetworkManager maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2007-10-22 17:09 UTC by Nathaniel McCallum
Modified: 2014-07-23 15:46 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Nathaniel McCallum 2007-10-22 17:09:06 UTC
When connecting to a WPA(2)-Enterprise network, the user can specify a certificate.  NM stores only the path to this certificate.  This means that should the cert be moved or deleted it breaks the wireless connection.  This is most generally used with CA certs, however since client certs are also used this should probably go into the keychain (or similar).

Other information:
Comment 1 Wouter Bolsterlee (uws) 2008-05-06 15:01:25 UTC
Indeed, this is really annoying. I have to keep a bunch of files around, while the majority of configuration options is in gconf.
Comment 2 Howard Chu 2008-10-20 10:18:44 UTC
Hm, I need to keep my user certificate files around anyway, for my LDAP and SMTP/POP3 authentication. Putting them in the keyring isn't any help there; this doesn't seem to be as great an idea as you seem to think. Why would anyone move/delete these files?
Comment 3 Nathaniel McCallum 2008-10-20 17:14:07 UTC
Howard, your comment assumes a few things that are not always true.
1. That the user is using a single cert for multiple services
2. That a user actually knows *what* a certificate is.

The use case looks like this:
1. John doesn't know what a cert is
2. His admin gives him a file and says "put this in the cert box"
3. Three months later, John is cleaning up his files.  He sees the cert file, doen't remember what it is, opens it, the contents appear to be gibberish and so he figures the file is garbage and deletes it.
4. John reboots his computer and the network doesn't work.  "Why!?"

It would be *better* for NM to make a copy of the cert at the time the connection is created and store the cert for the length of the connection's configuration.  If the config is delete, the cert should be deleted as well.
Comment 4 Dan Williams 2008-10-20 17:39:45 UTC
Yeah, we should be copying it for now and later integrating with certificate stores that may be present  (and smartcards where we can't get the private key!).
Comment 5 Howard Chu 2008-10-20 20:05:12 UTC
(In reply to comment #3)
> Howard, your comment assumes a few things that are not always true.
> 1. That the user is using a single cert for multiple services
> 2. That a user actually knows *what* a certificate is.

Sure, but you seem to be assuming those are never true...

> The use case looks like this:
> 1. John doesn't know what a cert is
> 2. His admin gives him a file and says "put this in the cert box"
> 3. Three months later, John is cleaning up his files.  He sees the cert file,
> doen't remember what it is, opens it, the contents appear to be gibberish and
> so he figures the file is garbage and deletes it.
> 4. John reboots his computer and the network doesn't work.  "Why!?"

There are hundreds if not thousands of files that Gnome depends on that look like gibberish, but nobody seems to be worried about any of them being accidentally deleted. (e.g. %gconf.xml) Most likely because they're stored in a special location, and most users just ignore that location.

It makes sense to make sure that the cert is stored somewhere that it won't easily be accidentally deleted, sure. But this is too specific a solution. It would be better to define a standard location in a user's home directory for storing all of their user certs, which can be relied on by various other software that uses certs. Just like all cert-based software now can rely on the systemwide /etc/ssl/certs.
Comment 6 Howard Chu 2008-10-20 20:37:28 UTC
In case it's not obvious, I'm suggesting:
  make sure ~/.ssl exists, with restricted permissions
  require the user to move their cert into ~/.ssl

The idea of copying the cert from the specified path into any other backing store is problematic for at least two reasons:
  1) any time you duplicate security credentials, you create the potential for a new security hole. I.e., this idea is fundamentally unsound.
  2) violates the principle of least astonishment. If I later come back and copy a new certificate over the old one (it expired, or was revoked, whatever) and NM still continues to use its private copy, things won't work and I'll have no idea why not.
Comment 7 Dan Winship 2012-07-27 15:37:21 UTC
This will eventually be implemented by letting you import certificates into the PKCS#11 database (eg, gnome-keyring), and them reading them from there rather than from the filesystem.
Comment 8 Dan Williams 2014-07-23 15:46:10 UTC

*** This bug has been marked as a duplicate of bug 719982 ***