Bug 308630

Summary: NetworkManager plasma widget have problems with bad certificates at OpenConnect (VPN)
Product: [Unmaintained] Network Management Reporter: Stefan Koch <stefan_koch>
Component: generalAssignee: Ilia Kats <ilia-kats>
Status: RESOLVED FIXED    
Severity: major CC: lamarque, leon.maurer, wstephenson
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: http://commits.kde.org/networkmanagement/d2da4b26f02d61c34517916242b73022d6ee8cb6 Version Fixed In:
Sentry Crash Report:

Description Stefan Koch 2012-10-18 22:32:46 UTC 
When you connect to an VPN network from OpenConnect that doesn't have a valid certificate (a. e. certificate outdated) a message appears to accept the certificate. But after clicking on "Yes" you can't connect to the server, you can't log in.

Workaround is to install "nm-applet" from GNOME.

Reproducible: Always
Comment 1 Stefan Koch 2012-10-18 22:33:20 UTC 
KDE version: 3.92 at Kubuntu 12.10
Comment 2 Ilia Kats 2012-10-21 14:43:28 UTC 
I can not reproduce this bug here. Can you elaborate a bit more on what exactly happens? Does the UI freeze? Does it say that your password is wrong?
Comment 3 Stefan Koch 2012-10-23 12:24:15 UTC 
Sorry, it is not an outdated certificate. It is a certificate with "signer not found".
I think this is a self made certificate, not from a trusted CA.

KDE service asks for accepting this certificate, then I accept this.

Then the Password-Dialog appears but there stands that it is connecting to the server, so I can't enter username and password.

With the GNOME nm-applet the same occours, I get a certificate error, then I accept the certificate, but with this Password Dialog I can enter a username and password and can log in to VPN.
Comment 4 Stefan Koch 2012-10-23 12:25:20 UTC 
This is protocol from KDE password dialog:
Attempting to connect to 193.174.193.64:443
SSL negotiation with vpngw.fh-kempten.de
Server certificate verify failed: signer not found
Connected to HTTPS on vpngw.fh-kempten.de
GET https://vpngw.fh-kempten.de/
Got HTTP response: HTTP/1.0 302 Object Moved
SSL negotiation with vpngw.fh-kempten.de
Server certificate verify failed: signer not found
Comment 5 Stefan Koch 2012-10-23 12:25:59 UTC 
This is protocol from GNOME password dialog:
Attempting to connect to 193.174.193.64:443
SSL negotiation with vpngw.fh-kempten.de
Server certificate verify failed: signer not found
Connected to HTTPS on vpngw.fh-kempten.de
GET https://vpngw.fh-kempten.de/
Got HTTP response: HTTP/1.0 302 Object Moved
SSL negotiation with vpngw.fh-kempten.de
Server certificate verify failed: signer not found
Connected to HTTPS on vpngw.fh-kempten.de
GET https://vpngw.fh-kempten.de/+webvpn+/index.html
Comment 6 Ilia Kats 2012-10-29 20:24:39 UTC 
Git commit 0099e4313d7545edc450de4408958869819fd5fb by Ilia Kats.
Committed on 29/10/2012 at 21:23.
Pushed by iliakats into branch 'nm09'.

guard QWaitCondtion::wakeAll() call with mutex lock/unlock to prevent
deadlock

M  +2    -0    vpnplugins/openconnect/openconnectauth.cpp

http://commits.kde.org/networkmanagement/0099e4313d7545edc450de4408958869819fd5fb
Comment 7 Ilia Kats 2012-10-29 20:25:06 UTC 
Git commit d2da4b26f02d61c34517916242b73022d6ee8cb6 by Ilia Kats.
Committed on 29/10/2012 at 21:23.
Pushed by iliakats into branch 'master'.

guard QWaitCondtion::wakeAll() call with mutex lock/unlock to prevent
deadlock
(cherry picked from commit 0099e4313d7545edc450de4408958869819fd5fb)

M  +2    -0    vpnplugins/openconnect/openconnectauth.cpp

http://commits.kde.org/networkmanagement/d2da4b26f02d61c34517916242b73022d6ee8cb6
Comment 8 Leon Maurer 2015-05-29 15:39:48 UTC 
I'm having a very similar problem with KDE 5.3. I've filed a new report at bug 348318.