After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 763578 - doesn't recognize WPA* Enterprise private key file with .p12 extension
doesn't recognize WPA* Enterprise private key file with .p12 extension
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: nm-connection-editor
1.2.x
Other Linux
: Normal normal
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2016-03-13 20:26 UTC by Michael Biebl
Modified: 2016-06-09 02:12 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
[PATCH] wireless-security: fix failed assertion in default_filter_privkey() (1.85 KB, patch)
2016-05-13 08:42 UTC, Beniamino Galvani
none Details | Review

Description Michael Biebl 2016-03-13 20:26:55 UTC
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817903
Package: network-manager
Version: 1.1.91-1
Severity: normal

Dear Maintainer,

I want to configure a wireless connection provided by
my institution --- meaning that I have no degrees of freedom
in what I have to do to complete the procedure.

That said, the institution gives me two files, a CA certificate

  ca.pem

and a private key file with an associated private key

  wifiCert.p12

I had placed those files in a generic subfolder (~/Documents/.certificates)
and then I tried to configure the connection using Network Manager.

I access the Network Connections window, I Add a new (wireless)
connection, in the Editing New Connection window I access the Wi-Fi
Security tab, select WPA & WPA2 Enterprise from the Security menu, I use
the CA Certificate menu to access the ~/Documents/.certificates folder,
I'm shown the ca.pem file, I select it and proceed, using the Private key
menu, I access ~/Documents/.certificates, at the bottom I see the list of 
correct file extensions (comprising the .p12 extension!) but the file
wifiCert.p12 is not shown (no file at all is shown as selectable).

At his point I cannot complete the configuration.

I have to mention that this is a new laptop (my previuos laptop
has been stolen) and that on my previous laptop I configured the same
wireless network w/o any problem. Previous laptop, btw, was running sid as well.
Comment 1 Domenico Iezzi 2016-05-13 07:14:11 UTC
I'm also affected by this bug. Launching nm-connection-editor from terminal will show the following output while opening the GtkFileChooserDialog to select the wifiCert.p12 key:

(nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed

(nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed

(nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed

(nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed

(nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed

(nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed

(nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed


Additional info:
* package version(s)
networkmanager 1.2.0-3
nm-connection-editor 1.2.0-1
network-manager-applet 1.2.0-1

Steps to reproduce:
1) Launch nm-connection editor and add a new wifi connection (or connect to a wpa enterpise network)
2) in the WiFi-Security tab select "Wpa & Wpa2 Enterprise" Security and then TLS as authentication
3) click on Private Key
Comment 2 Beniamino Galvani 2016-05-13 08:42:35 UTC
Created attachment 327763 [details] [review]
[PATCH] wireless-security: fix failed assertion in default_filter_privkey()

This patch should fix the issue.
Comment 3 Thomas Haller 2016-05-13 12:27:37 UTC
(In reply to Beniamino Galvani from comment #2)
> Created attachment 327763 [details] [review] [review]
> [PATCH] wireless-security: fix failed assertion in default_filter_privkey()
> 
> This patch should fix the issue.

This patch looks right to me.


But it's actually a bug in libnm.
Fixed on
master: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=81499355b049fffadfa6576bbcd2d2fb9fac9d13
nm-1-2: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=9a37d1d970bf5bf1aab35468aabccb8cbfe2a39b
Comment 5 Sebastien Bacher 2016-06-07 13:18:29 UTC
there are similar reports on ubuntu and they suggest that the fix resolves the .p12 case doesn't work for .pem or .key files, should a new bug be open about those?
Comment 6 Thomas Haller 2016-06-07 13:42:45 UTC
(In reply to Sebastien Bacher from comment #5)
> there are similar reports on ubuntu and they suggest that the fix resolves
> the .p12 case doesn't work for .pem or .key files, should a new bug be open
> about those?

hi,

if those issue also exhibit
  (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: 
  assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed
it's the same bug and should be alredy fixed. Did those users get the upstream fix?

If not, it's a different bug. Let's keep them separate.
Comment 7 Sebastien Bacher 2016-06-08 15:03:38 UTC
> if those issue also exhibit
>  (nm-connection-editor:2471): libnm-CRITICAL **: nm_utils_file_is_private_key: 
>  assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed
> it's the same bug and should be alredy fixed. Did those users get the upstream > fix?

no such warning, we backported the nm-applet fix but didn't land the n-m one yet, unsure if that makes a different.

I've tried by downloading that key
http://fm4dd.com/openssl/source/PEM/keys/512b-rsa-example-keypair.pem

using that testcase

"1. Click on Connections icon in status panel
2. Click on Edit connections
3. Select Wired connection
4. Go to 802.1x tab
5. Check the Use 802.1X checkbox
6. Choose TLS
7. Click on Secret key button
8. In file chooser navigate to the folder where key is located and try to select key file - the list is empty"

I'm going to try with nm 1.2.2 to make sure and report a new bug if that's still an issue there
Comment 8 Thomas Haller 2016-06-09 02:12:46 UTC
(In reply to Sebastien Bacher from comment #7)

> 8. In file chooser navigate to the folder where key is located and try to
> select key file - the list is empty"

I just tested that with nm-applet from current master, and the file was there and I could select it.