Bug 756638 – VPN Password still required even with "No password" option selected

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 756638 - VPN Password still required even with "No password" option selected


Summary:	VPN Password still required even with "No password" option selected


Status:	RESOLVED FIXED

Product:	NetworkManager
Classification:	Platform
Component:	VPN: openvpn
Version:	unspecified
Hardware:	Other Windows

Importance:	Normal normal
Target Milestone:	---
Assigned To:	NetworkManager maintainer(s)
QA Contact:	NetworkManager maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-10-15 13:27 UTC by Tomás Gonzalez Dowling
Modified:	2015-10-20 07:37 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Tomás Gonzalez Dowling 2015-10-15 13:27:53 UTC

When adding a OpenVPN connection from gnome3 interface, (importing an .ovpn file or filing all fields mannualy) the field password is required and if I select the "No passwd" option, the "Add" button on right botom corner doesn't get enabled, so I can't save the connection. If introduce some random characters it saves the data and the connection works ok.
When editing the same connection the same happens. I'm using a p12 certificate, with the CA cert and key all in the same file (so that 3 fields get completed with the same file).

If more data is needed, please ask.
Thanks,

Comment 1 Jiri Klimes 2015-10-16 13:09:38 UTC

The are actually two problems:
a) We do not detect whether private key is really encrypt when PKCS#12 file is used (all 3 fields with the same file). We regard all p12 as encrypted and thus require a password.
b) OpenVPN plugin did not take into account password flags (always-ask, not-required, agent-owned). As a result the user could not tell the editor that the password is really not needed.

The fix for b) (workarounds a) too) is available in openvpn repository branch
jk/key-password-require-bgo756638

A related commit to emit changed signal for password entries when password-storage changes is in network-manager-applet repository branch:
jk/emit-changed-for-password-icon

Tomás, it still would help if you could attach a screenshot of the editor and tell us whether or not the key is password-protected.

Comment 2 Lubomir Rintel 2015-10-19 15:23:11 UTC

(In reply to Jiri Klimes from comment #1)
> The are actually two problems:
> a) We do not detect whether private key is really encrypt when PKCS#12 file
> is used (all 3 fields with the same file). We regard all p12 as encrypted
> and thus require a password.
> b) OpenVPN plugin did not take into account password flags (always-ask,
> not-required, agent-owned). As a result the user could not tell the editor
> that the password is really not needed.
> 
> The fix for b) (workarounds a) too) is available in openvpn repository branch
> jk/key-password-require-bgo756638

LGTM

> A related commit to emit changed signal for password entries when
> password-storage changes is in network-manager-applet repository branch:
> jk/emit-changed-for-password-icon

LGTM too

> Tomás, it still would help if you could attach a screenshot of the editor
> and tell us whether or not the key is password-protected.

Comment 3 Jiri Klimes 2015-10-20 07:37:59 UTC

network-manager-openvpn:
master: 53e70d4 properties: do not require password for always-ask, not-required (bgo #756638)
nm-1-0: 2f652ad properties: do not require password for always-ask, not-required (bgo #756638)

network-manager-applet:
master: 5745f60 libnm-gtk/libnma: emit "changed" signal on password entry when icon changes
nma-1-0: libnm-gtk: emit "changed" signal on password entry when icon changes