Comment 9 for bug 120363

Alexander Sack (asac) wrote : Re: [Bug 120363] Re: NetworkManager should support smartcard based certificate

On Sun, Dec 07, 2008 at 06:54:16AM -0000, David Smith wrote:
> OK. First, what do you mean by basic TLS support in ubuntu? AFAICS the
> bits this bug depends on are already in place, everything but
> backporting this patch which doesn't appear to be that much work (I'm
> using it locally against your current NM0.7 package in intrepid).

AFAIK, upstream landed this stuff against the "new" API (after the
accessor function migration) ... so I assume cherry picking doesn't
work. If the patches in bugzilla are _before_ the accessor migration
then yes, the backport should work easily and I am sorry for the
delay. If you want, attach the patches you use here, so I can just add
them on the next update round.

Again, sorry for the delay. (Also, excuse me if I miss some detail;
I am currently writing this mail from a plane.)

>
> To answer your second question, I wrote the patches for wpasupplicant to
> support configuring smartcards over dbus, that was included upstream
> many moons ago and is in the wpasupplicant version already shipping in
> intrepid. The patch that I'm asking to include gives libnm-util the
> ability to handle the necessary configuration parameters to send to
> wpasupplicant; it doesn't make setting them available in the applet yet
> but at least makes them usable from the system-settings facility or
> directly settable over dbus which on its own is a huge benefit and makes NM
> completely usable for connecting to my 802.1x protected TLS network via
> the private key and certificate stored in my TPM chip, which is emulated
> as a smartcard to the system via opencryptoki. This is specifically
> intended for those of us who either realize that storing private keys on
> the filesystem is unsafe and want to better protect our security by
> using cryptographic hardware storage, or those of us at organizations
> who have a policy that these private keys must be stored in such format,
> e.g. for Windows, use of the MS crypto API storage which is bound to the
> TPM on the laptop. Does that answer your question?

OK, thanks. If the patches are attached to this bug, I will look and use
them. If they are not, it would be helpful to just attach them
explicitly here too.

(same plane excuse from above applies).

Thanks for your help and for understanding the delay on my side.

 - Alexander