Ubuntu
network-manager package

NM errors on DER-formatted WPA2-Enterprise certificate

Bug #884612 reported by Patrick Brueckner
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

When using network-manager (0.8.4~git.20110319t175609.d14809b-0ubuntu3) on Ubuntu 11.04 LTS to connect to a WPA2-Enterprise secured wireless network, one is supposed to provide a SSL certificate (with good reason!).

Network manager accepts all kind of certificate files, alltough selecting a DER cert will cause an error:

> OpenSSL: tls_connection_ca_cert - Failed to load root certificates
> error:00000000:lib(0):func(0):reason(0)
> TLS: Failed to set TLS connection parameters

network manager should only accept PEM certificates OR automagically convert DER certificates to PEM.

See original description
Tags: nm-certs
Patrick Brueckner (madmuffin)
description: updated
description: updated
Thomas Hood (jdthood)
summary: - WPA2-Enterprise SSL Certificate Format
+ NM erros on DER-formatted WPA2-Enterprise certificate
Thomas Hood (jdthood)
summary: - NM erros on DER-formatted WPA2-Enterprise certificate
+ NM errors on DER-formatted WPA2-Enterprise certificate
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Confirmed; this needs further triage. I know for sure there is at least one other bug about what certificates are accepted (and frankly we should accept all the ones we possibly can, without need to convert). There's some checking of whether the certificate is understandable before passing it to the next layer (wpasupplicant or VPNs); and that's usually what's failing rather than the next layer.

We should do a careful round of testing with various kinds of certificates to make sure all the possibilities work.

Patrick; any chance you could provide a sample certificate built the same way as the ones you use (though not the same certificate, for obvious security reasons), so that we can get the actual format right? It's a DER, but the headers in the text format are usually different between actual formats.

Changed in network-manager (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
tags: added: nm-certs
Revision history for this message
Patrick Brueckner (madmuffin) wrote :

The certificate I tried is publicly available at https://info.pca.dfn.de/uni-kassel-ca/index.html
You can download it in der and pem format from the website.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.