Summary: | "Use FSID for key passphrase" fails when private key is empty | ||
---|---|---|---|
Product: | [Plasma] plasma-nm | Reporter: | Raphael Kubo da Costa <rakuco> |
Component: | general | Assignee: | Jan Grulich <jgrulich> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | nate |
Priority: | NOR | ||
Version: | master | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
Latest Commit: | https://invent.kde.org/plasma/plasma-nm/commit/c9f4c07157c269fcf9bd41981bc534d2f8b5e43b | Version Fixed In: | 5.23.1 |
Description
Raphael Kubo da Costa
2021-10-15 09:58:06 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-nm/-/merge_requests/83 Git commit a76f4d4b0f75d1007d8fc13dc1e4c95c4a66a430 by Raphael Kubo da Costa. Committed on 15/10/2021 at 09:58. Pushed by grulich into branch 'master'. openconnect: Make FSID passphrase + empty private key combination work. It should be possible to usen FSID-protected key passphrase with a user certificate and no private key. This was not working as expected because we were always calling openconnect_set_client_cert() with QByteArray::data(). The latter will pass an empty string rather than nullptr if it is empty, which can be the case for `key` if it is not set. This causes openconnect_set_client_cert() to use that empty string rather than handle the null argument case, and we would be unexpectedly prompted for a key password when trying to connect. Avoid running into this by explicitly passing `nullptr` when we have an empty `key`. M +1 -1 vpn/openconnect/openconnectauth.cpp https://invent.kde.org/plasma/plasma-nm/commit/a76f4d4b0f75d1007d8fc13dc1e4c95c4a66a430 Git commit de0d41556adf7f9976c8b7febeb2569aed772d27 by Jan Grulich, on behalf of Raphael Kubo da Costa. Committed on 15/10/2021 at 10:07. Pushed by grulich into branch 'cherry-pick-a76f4d4b'. openconnect: Make FSID passphrase + empty private key combination work. It should be possible to usen FSID-protected key passphrase with a user certificate and no private key. This was not working as expected because we were always calling openconnect_set_client_cert() with QByteArray::data(). The latter will pass an empty string rather than nullptr if it is empty, which can be the case for `key` if it is not set. This causes openconnect_set_client_cert() to use that empty string rather than handle the null argument case, and we would be unexpectedly prompted for a key password when trying to connect. Avoid running into this by explicitly passing `nullptr` when we have an empty `key`. (cherry picked from commit a76f4d4b0f75d1007d8fc13dc1e4c95c4a66a430) M +1 -1 vpn/openconnect/openconnectauth.cpp https://invent.kde.org/plasma/plasma-nm/commit/de0d41556adf7f9976c8b7febeb2569aed772d27 Git commit c9f4c07157c269fcf9bd41981bc534d2f8b5e43b by Jan Grulich, on behalf of Raphael Kubo da Costa. Committed on 15/10/2021 at 10:08. Pushed by grulich into branch 'Plasma/5.23'. openconnect: Make FSID passphrase + empty private key combination work. It should be possible to usen FSID-protected key passphrase with a user certificate and no private key. This was not working as expected because we were always calling openconnect_set_client_cert() with QByteArray::data(). The latter will pass an empty string rather than nullptr if it is empty, which can be the case for `key` if it is not set. This causes openconnect_set_client_cert() to use that empty string rather than handle the null argument case, and we would be unexpectedly prompted for a key password when trying to connect. Avoid running into this by explicitly passing `nullptr` when we have an empty `key`. (cherry picked from commit a76f4d4b0f75d1007d8fc13dc1e4c95c4a66a430) M +1 -1 vpn/openconnect/openconnectauth.cpp https://invent.kde.org/plasma/plasma-nm/commit/c9f4c07157c269fcf9bd41981bc534d2f8b5e43b |