Ubuntu
network-manager package

[NM-0.7] nm-connection-editor fails to set/read certificates settings

Bug #245184 reported by Giovanni Lovato
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Fix Released
Undecided
Unassigned
Nominated for Intrepid by Dan Draeger
Nominated for Karmic by Matt Lavin

Bug Description

Binary package hint: network-manager

My versions:
[code]
$ dpkg -l | grep network-manager
ii network-manager 0.7~~svn20080628t003601+eni2-0ubuntu0~pre1
ii network-manager-gnome 0.7~~svn20080626t183232-0ubuntu0~pre1
[/code]

I try to elaborate a bit more on this problem: I removed all connections, then clicked on the wireless network on the applet; it asked me to select protection (I use TLS) and choose certificates. I did it and it connected successfully.
 On gconf I see:

[code]
$ gconftool-2 -R /system/networking
 /system/networking/connections:
  /system/networking/connections/1:
   /system/networking/connections/1/802-11-wireless:
    mode = infrastructure
    seen-bssids = [00:19:5b:3a:8d:8a,00:19:5b:3a:8d:87]
    ssid = [84,101,108,112,101,114,105,111,110]
    security = 802-11-wireless-security
    name = 802-11-wireless
   /system/networking/connections/1/802-11-wireless-security:
    pairwise = [tkip,ccmp,tkip,ccmp]
    group = [wep40,wep104,tkip,ccmp,wep40,wep104,tkip,ccmp]
    proto = [wpa,rsn,wpa,rsn]
    name = 802-11-wireless-security
    key-mgmt = wpa-eap
   /system/networking/connections/1/connection:
    id = Auto Telperion
    timestamp = 1215068924
    type = 802-11-wireless
    name = connection
    autoconnect = true
   /system/networking/connections/1/802-1x:
    nma-path-private-key = /home/giovanni/ssl/GiovanniLovato.pem
    eap = [tls]
    nma-path-ca-cert = /home/giovanni/ssl/AlduNetworkCA.crt
    name = 802-1x
    nma-path-client-cert = /home/giovanni/ssl/GiovanniLovato.pem
    identity = Giovanni Lovato
[/code]

It seems correct to me, it connects after all :)
 Now if I run nm-connection-editor from a terminal and edit this connection, from Security tab I see no certificates set:

http://img371.imageshack.us/img371/5049/screenshoteditingautotedn1.png

So, let's try to input the certificates. Once selected, immediately the button OK return active, but I get

http://img20.imageshack.us/img20/5015/screenshotnmconnectioneay8.png

and the terminal says:

[code]
$ nm-connection-editor

(nm-connection-editor:24259): GLib-CRITICAL **: g_hash_table_foreach: assertion `hash_table != NULL' failed
** Message: nm_connection_list_new: failed to load VPN plugins: Couldn't read VPN .name files directory /etc/NetworkManager/VPN.

** (nm-connection-editor:24259): WARNING **: <WARN> update(): update: Invalid connection: 'NMSetting8021x' / 'client-cert' invalid: 2

[/code]

Revision history for this message
Matt Foster (matt-foster42) wrote :

Confirmed - and the problem is actually worse:

I can't even connect to a EAP TLS WPA1 WLAN on Intrepid (KDE).

Doesn't work using the stock NM, so I used the PPA:
root@psll09551:/var/log# dpkg -l | grep -i network-man
ii network-manager 0.7~~svn20081018t105859-0ubuntu2~nm2 network management framework daemon
ii network-manager-kde 1:0.7svn864988-0ubuntu1ppa1 KDE systray applet for controlling NetworkManager
root@psll09551:/var/log#

If I try to update an existing WLAN connection then it spits out:
Oct 29 09:55:47 psll09551 NetworkManager: <WARN> connection_updated_cb(): connection_updated_cb: Invalid connection: 'NMSetting8021x' / 'client-cert' invalid: 2

If I try to create a new WLAN connection then we get:
Oct 29 10:18:20 psll09551 NetworkManager: <WARN> connection_get_settings_cb(): connection_get_settings_cb: Invalid connection: 'NMSetting8021x' / 'client-cert' invalid: 2

Manual use of wpa_supplicant with everything turned off associates fine, and this was indeed all working under hardy - but broken going to Intrepid.

Revision history for this message
Pedro Villavicencio (pedro) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Could you please add the /var/log/syslog to your bug report as an attachment? Also you can submit more information for it by looking to https://wiki.ubuntu.com/DebuggingNetworkManager , Thanks in advance.

Changed in network-manager:
status: New → Incomplete
Revision history for this message
Matt Foster (matt-foster42) wrote :

Sadly the only thing that gets spat out in syslog is:

NetworkManager: <WARN> connection_get_settings_cb(): connection_get_settings_cb: Invalid connection: 'NMSetting8021x' / 'client-cert' invalid: 2

Added as an attachment as requested.

Is there some way I can run a more verbose debug from NetworkManager?

Packages are at:

ii network-manager 0.7-0ubuntu1~nm1~intrepid1 network management framework daemon
ii network-manager-dev 0.7-0ubuntu1~nm1~intrepid1 network management framework (development files)
ii network-manager-kde 1:0.7svn864988-0ubuntu1.8.10.3 KDE systray applet for controlling NetworkManager

Revision history for this message
Matt Lavin (matt-lavin) wrote :

I still see this problem using the latest code from Karmic. The bug is marked incomplete, but the requested information has been supplied. If there is more information needed, I can try to supply it.

Revision history for this message
Alexander Sack (asac) wrote :

i think this is fixed upstream. next time we get a successful build here: https://edge.launchpad.net/~network-manager/+archive/trunk you can test it. Please confirm that its fixed for you there now.

Changed in network-manager (Ubuntu):
status: Incomplete → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.5 KiB)

This bug was fixed in the package network-manager - 0.8~rc2-0ubuntu1

---------------
network-manager (0.8~rc2-0ubuntu1) lucid; urgency=low

  * upstream snapshot 2009-11-12 01:22:59 (GMT)
    + 420ea0220c29a45337e239e4c53250a6989160a3
    - ppp: allow update of ppp secrets in all ACTIVATING stages (LP: #432205)
    - core: validate pidfile and quit early if NM is already running (rh #517362)
    - core: preserve wifi and networking enabled/disabled states (bgo #582447)
    - libnm-util: don't allow blank or NULL VPN items or secrets (rh #532084)

  * upstream 0.8-rc1 release
    - libnm-util: client cert shouldn't be required to set priv key (bgo #585570)
    - wifi: poll rfkill status for ipw2x00 devices
    - ppp: increase PPPoE pppd timeout to 30 seconds (debug)
    - wifi: don't allow scan requests when associating
    - wifi: ensure wifi devices are enabled on wakeup if not rfkilled
    - libnm-util: handle PEM files without ending newline (rh #507315)
    - system-settings: cache secrets to protect against nm_connection_clear_secrets
    - dnsmasq: VPN DNS fixes (LP #389006)
    - system-settings: fix crash when deleting wired connections
    - modem: subsitute known-good nameservers if PPP doesn't return any (LP: #434477)
    - core: clear invalid tag on failed connections when sleeping (LP: #456362)
    - wwan: unable to bring up mobile-broadband system connection (LP: #483773)
    - 8021x: fixed problems with invalid connection / client-certs (LP: #245184)

  * upstream 0.8-rc2 release
    - po: update italian translation (bgo #595673)
    - core: fix error when parsing state file for WirelessEnabled fails
    - libnm-util: fix potential crash when encrypting fails
    - modem: ensure deactivation on disable only happens on disable
    - modem: ensure device is deactivated if the modem is disabled
      underneath NM
    - modem: enable modem before connecting if required
    - libnm-glib: add WWAN enable/disable support
    - manager: add WWAN enable/disable support
    - modem: proxy the ModemManager Enabled property
    - manager: generalize rfkill operations
    - core: add statefile support for WWAN devices
    - udev: add support for other types of rfkill switches
    - core: generalize interface for enabling/disabling devices
    - modem: fix enable/disable/disconnect flow
    - system-settings: Fix using hostname from DHCP
    - libnm-util: client certificate should not be required to set
      private key (bgo #585570)

  [ Alexander Sack <email address hidden> ]
  * allow daily builds to be filed against ubuntu bug system;
    to allow this we add report['CrashDB'] = 'ubuntu' to the apport
    hook
    - update debian/source_network-manager.py
  * attach list of system-connection configuration files in apport hook
    - update debian/source_network-manager.py

  [ Mathieu Trudel <email address hidden> ]
  * updated pkcs11 smartcard patch
    - updated debian/patches/lp120363_smartcard_pkcs11.patch
  * updated signals patch for apport
    - updated debian/patches/70_lp145653_no_sigaction_for_crashes.patch
  * add new nm_setting_olpc_mesh_new symbol to libnm-util1.symbols
    - update debian/libnm-util1.symbols
  * add new nm_cl...

Read more...

Changed in network-manager (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.