Ubuntu
network-manager-openconnect package

openconnect config file import cannot handle "(null)" values

Bug #1673015 reported by Lukas Prokop on 2017-03-15

10

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	network-manager-openconnect (Ubuntu)	Fix Released	Low	Unassigned

Bug Description

Prerequisites:

1. network-manager is installed
2. network-manager-openconnect-gnome is installed
3. Store the following text file:

% cat uni-graz-vpn.config
[openconnect]
Description=UniGraz
Host=univpn.uni-graz.at
CACert=(null)
Proxy=
CSDEnable=0
CSDWrapper=
UserCertificate=(null)
PrivateKey=(null)
FSID=0
StokenSource=disabled
StokenString=

Action (in the Network Manager GUI):

1. "Edit Connections..."
2. "Add"
3. "Import a saved VPN configuration"
4. Select the file uni-graz-vpn.config
5. Among the "VPN connections"
6. Choose "UniGraz"
7. A HTTPS request to univpn.uni-graz.at is taking place

Expected behavior:

8. A prompt for username and password is shown

Actual behavior:

8. An error message appears: "Failed to open CA file '/(null)': Error while reading file." and "Failed to open HTTPS connection to univpn.uni-graz.at"

Reason:

This package is uncapable of converting the export file content "(null)" into an internal NULL value. Instead it is assumed as string "(null)" and a slash is prepended for the filepath: "/(null)". The text file was created by using network manager's export configuration utility. If you replace "(null)" with "" in the configuration file, it will work properly. Very annoying for non-technical users. Please fix this.

Debug information:

% lsb_release -rd
Description: Linux Mint 18 Sarah
Release: 18
% apt-cache policy network-manager-openconnect
network-manager-openconnect:
  Installed: 1.2.0-0ubuntu0.16.04.1
  Candidate: 1.2.0-0ubuntu0.16.04.1
  Version table:
*** 1.2.0-0ubuntu0.16.04.1 500
        500 http://ftp.kaist.ac.kr/pub/ubuntu xenial-updates/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.0.2-1build1 500
        500 http://ftp.kaist.ac.kr/pub/ubuntu xenial/universe amd64 Packages

Tags:

Revision history for this message

Lukas Prokop (meisterluk) wrote on 2017-03-15:

#1

Screenshot of the error message: Failed to open CA file '/(null)': Error while reading file. Edit (33.0 KiB, image/png)

Revision history for this message

dwmw2 (dwmw2) wrote on 2017-03-15:

#2

Arguably the problem here is that you have, literally, "(null)" as the string in the config file. IF you have a file with that name, you should be permitted to use that.

This is a bug in the *EXPORT* not the import. We shouldn't (ideally) special-case that filename on import. Although we might now have to, purely for compatibility.

Revision history for this message

dwmw2 (dwmw2) wrote on 2017-03-15:

#3

https://git.gnome.org/browse/network-manager-openconnect/commit/?id=f58893e15fc7

Revision history for this message

Lukas Prokop (meisterluk) wrote on 2017-03-15:

#4

Looks good to me. Thank you for the fix!

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-09-10:

#5

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openconnect (Ubuntu):
status:	New → Confirmed

Sebastien Bacher (seb128) on 2019-03-12

Changed in network-manager-openconnect (Ubuntu):
importance:	Undecided → Critical
importance:	Critical → Low
status:	Confirmed → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-03-12:

#6

This bug was fixed in the package network-manager-openconnect - 1.2.4-2ubuntu1

---------------
network-manager-openconnect (1.2.4-2ubuntu1) disco; urgency=medium

  * Backport some git commit while talking to upstrem about a new tarball
  * debian/patches/git_certkey_export.patch:
    - Fix import/export with empty cacert/cert/privkey options
      (lp: #1673015)
  * debian/patches/git_reported_os.patch:
    - add "Reported OS" option, it's needed to connect to some servers
  * debian/patches/git_sigint_disconnect.patch:
    - use sigint so it does a proper logout on close
  * debian/patches/git_can_persist.patch:
    - Set can-persist property. OpenConnect can persist and reconnect when
      the underlying physical connection goes away or changes
  * debian/patches/git_tpm2_key.patch:
    - Allow TPM2 key files
  * debian/patches/git_password_config.patch:
    - Allow key password to be set in config

-- Sebastien Bacher <email address hidden> Tue, 12 Mar 2019 16:51:29 +0100

Changed in network-manager-openconnect (Ubuntu):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Screenshot of the error message: Failed to open CA file '/(null)': Error while reading file. Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.