After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 620896 - OpenVPN connection fails with x509 if private key does not have a password
OpenVPN connection fails with x509 if private key does not have a password
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: VPN: openvpn
0.8.x
Other Linux
: Normal normal
: ---
Assigned To: Dan Williams
Dan Williams
Depends on:
Blocks:
 
 
Reported: 2010-06-07 20:33 UTC by Erinn Looney-Triggs
Modified: 2010-10-28 20:49 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Erinn Looney-Triggs 2010-06-07 20:33:32 UTC
Subject about says it all, I know this is planned behaviour and that is reasonable, but I believe there should be an informative error message if a user tries to use a private key without a pass phrase. 

As is the following error appears:
"The VPN connection to 'My VPN' failed because the VPN service failed to start."

And if you have debugging enabled the following error appears:
CRITICAL **: crypto_get_private_key_data: assertion `password != NULL' failed

Probably the first error should be more descriptive if at all possible and perhaps point to steps to remediate the issue such as running the following command on the key:

openssl rsa -in private.key -aes128 -out new-private.key

To reproduce this issue, simply set up a OpenVPN connection with a plain text private key and attempt to make the connection, it will fail. One more thing I suppose that is confusing to users is the OpenVPN program itself will have no issues making the connection with a plain text private key.

Thanks,

-Erinn
https://stomp.colorado.edu/blog/
Comment 1 Dan Williams 2010-06-08 21:14:00 UTC
What version of NM-openvpn do you have?  This bug should have been corrected last month or so and will be part of the 0.8.1 release.
Comment 2 Erinn Looney-Triggs 2010-06-08 21:15:48 UTC
Sorry forgot to mention that part, this is on fedora 13 and the pacage is listed as:
NetworkManager-openvpn-0.8-2.git20100411.fc13.x86_64

-Erinn
Comment 3 Dan Williams 2010-10-28 20:49:00 UTC
Yeah, I'm pretty sure this is already fixed.  Can you try:

https://admin.fedoraproject.org/updates/NetworkManager-0.8.1-9.git20100831.fc12

You should be able to install this by just updating to the latest Fedora 13 packages via System -> Administration -> Software Update, or from the terminal:

sudo yum upgrade NetworkManager-openvpn