NM errors on DER-formatted WPA2-Enterprise certificate
Bug #884612 reported by
Patrick Brueckner
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
network-manager (Ubuntu) |
Confirmed
|
Medium
|
Unassigned |
Bug Description
When using network-manager (0.8.4~
Network manager accepts all kind of certificate files, alltough selecting a DER cert will cause an error:
> OpenSSL: tls_connection_
> error:00000000:
> TLS: Failed to set TLS connection parameters
network manager should only accept PEM certificates OR automagically convert DER certificates to PEM.
description: | updated |
description: | updated |
summary: |
- WPA2-Enterprise SSL Certificate Format + NM erros on DER-formatted WPA2-Enterprise certificate |
summary: |
- NM erros on DER-formatted WPA2-Enterprise certificate + NM errors on DER-formatted WPA2-Enterprise certificate |
To post a comment you must log in.
Confirmed; this needs further triage. I know for sure there is at least one other bug about what certificates are accepted (and frankly we should accept all the ones we possibly can, without need to convert). There's some checking of whether the certificate is understandable before passing it to the next layer (wpasupplicant or VPNs); and that's usually what's failing rather than the next layer.
We should do a careful round of testing with various kinds of certificates to make sure all the possibilities work.
Patrick; any chance you could provide a sample certificate built the same way as the ones you use (though not the same certificate, for obvious security reasons), so that we can get the actual format right? It's a DER, but the headers in the text format are usually different between actual formats.