| Summary: | "Use FSID for key passphrase" fails when private key is empty | ||
|---|---|---|---|
| Product: | [Plasma] plasmashell | Reporter: | Raphael Kubo da Costa <rakuco> |
| Component: | Networking in general | Assignee: | Jan Grulich <jgrulich> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | nate |
| Priority: | NOR | ||
| Version First Reported In: | master | ||
| Target Milestone: | 1.0 | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | https://invent.kde.org/plasma/plasma-nm/commit/c9f4c07157c269fcf9bd41981bc534d2f8b5e43b | Version Fixed/Implemented In: | 5.23.1 |
| Sentry Crash Report: | |||
|
Description
Raphael Kubo da Costa
2021-10-15 09:58:06 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-nm/-/merge_requests/83 Git commit a76f4d4b0f75d1007d8fc13dc1e4c95c4a66a430 by Raphael Kubo da Costa. Committed on 15/10/2021 at 09:58. Pushed by grulich into branch 'master'. openconnect: Make FSID passphrase + empty private key combination work. It should be possible to usen FSID-protected key passphrase with a user certificate and no private key. This was not working as expected because we were always calling openconnect_set_client_cert() with QByteArray::data(). The latter will pass an empty string rather than nullptr if it is empty, which can be the case for `key` if it is not set. This causes openconnect_set_client_cert() to use that empty string rather than handle the null argument case, and we would be unexpectedly prompted for a key password when trying to connect. Avoid running into this by explicitly passing `nullptr` when we have an empty `key`. M +1 -1 vpn/openconnect/openconnectauth.cpp https://invent.kde.org/plasma/plasma-nm/commit/a76f4d4b0f75d1007d8fc13dc1e4c95c4a66a430 Git commit de0d41556adf7f9976c8b7febeb2569aed772d27 by Jan Grulich, on behalf of Raphael Kubo da Costa. Committed on 15/10/2021 at 10:07. Pushed by grulich into branch 'cherry-pick-a76f4d4b'. openconnect: Make FSID passphrase + empty private key combination work. It should be possible to usen FSID-protected key passphrase with a user certificate and no private key. This was not working as expected because we were always calling openconnect_set_client_cert() with QByteArray::data(). The latter will pass an empty string rather than nullptr if it is empty, which can be the case for `key` if it is not set. This causes openconnect_set_client_cert() to use that empty string rather than handle the null argument case, and we would be unexpectedly prompted for a key password when trying to connect. Avoid running into this by explicitly passing `nullptr` when we have an empty `key`. (cherry picked from commit a76f4d4b0f75d1007d8fc13dc1e4c95c4a66a430) M +1 -1 vpn/openconnect/openconnectauth.cpp https://invent.kde.org/plasma/plasma-nm/commit/de0d41556adf7f9976c8b7febeb2569aed772d27 Git commit c9f4c07157c269fcf9bd41981bc534d2f8b5e43b by Jan Grulich, on behalf of Raphael Kubo da Costa. Committed on 15/10/2021 at 10:08. Pushed by grulich into branch 'Plasma/5.23'. openconnect: Make FSID passphrase + empty private key combination work. It should be possible to usen FSID-protected key passphrase with a user certificate and no private key. This was not working as expected because we were always calling openconnect_set_client_cert() with QByteArray::data(). The latter will pass an empty string rather than nullptr if it is empty, which can be the case for `key` if it is not set. This causes openconnect_set_client_cert() to use that empty string rather than handle the null argument case, and we would be unexpectedly prompted for a key password when trying to connect. Avoid running into this by explicitly passing `nullptr` when we have an empty `key`. (cherry picked from commit a76f4d4b0f75d1007d8fc13dc1e4c95c4a66a430) M +1 -1 vpn/openconnect/openconnectauth.cpp https://invent.kde.org/plasma/plasma-nm/commit/c9f4c07157c269fcf9bd41981bc534d2f8b5e43b Bulk transfer as requested in T17796 |