Bug 465659

Summary: kde-plasma/plasma-nm disappears when an intermediate SSL certificate is not found and can't make any VPN connections until logged out and logged in again
Product: [Plasma] plasma-nm
Reporter: Niels <nvaert1986>
Component: applet
Assignee: Plasma Bugs List <plasma-bugs>
Status: RESOLVED FIXED
Severity: normal
CC: joe.elusive, nate, nicolas.fella, r3pek
Priority: NOR
Version: 5.26.5
Target Milestone: ---
Platform: Gentoo Packages
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Niels 2023-02-13 09:32:34 UTC
SUMMARY
***
Whenever I connect to an openconnect based VPN using the plasma-nm GUI and the intermediate SSL certificate is missing server side, I receive a warning asking whether I want to accept the connection (with an OK and Cancel button). It doesn't matter which button you press, but the applet tells me it failed to connect (something seems to crash). I've tested the issue with the Cisco AnyConnect and Fortinet profiles. After this happens I'm unable to connect to any VPN service until I log out and log back in again. It just tells me it failed to connect.
***


STEPS TO REPRODUCE
1. Connect to an openconnect based VPN service where the intermediate SSL certificate is missing server side
2. Press OK or Cancel
3. Try connecting to any other openconnect based VPN service

OBSERVED RESULT
A VPN connection that failed to establish and none of the VPN options working any longer until I log out and log back in again.

EXPECTED RESULT
An established VPN connection

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 6.1.10-gentoo
(available in About System)
KDE Plasma Version: 5.26.5
KDE Frameworks Version: 5.99.0
Qt Version: 5.15.8

ADDITIONAL INFORMATION

Comment 1 Joe Elusive 2023-02-14 15:28:02 UTC
Possibly the same issue that I've reported on the openSUSE Tumbleweed bug tracker: https://bugzilla.opensuse.org/show_bug.cgi?id=1207079

Copy-pasting the original report. This bug was reproduced on 3 different Tumbleweed machines, with version 5.26.5.

Overview:

When connecting to a (previously working) AnyConnect VPN (using plasma-nm5-openconnect), after accepting the self-signed server cert (popup window with "Signer not found" message), the nm-applet window just crashes, and NetworkManager logs:

<warn>  [1673529893.2478] vpn[0x55fb7065a750,682c8bfb-8073-4b39-987b-a5cb5adeebc1,"my-vpn-name"]: secrets: failed to request VPN secrets #3: No agents were available for this request

Launching kded5 manually, to check logs, yields logs attached at the bottom.

Connecting to vpn from cli (using openconnect vpn.myserver.invalid) works as expected

If "Debug log" checkbox selected when connecting via applet, it yields:
Connected to A.B.C.D:443
SSL negotiation with vpn.myserver.invalid
Server certificate verify failed: signer not found
The size of the provided fingerprint is less than the minimum required (4)


At the same time, connecting with cli openconnect doesn't log 
"The size of the provided fingerprint is less than the minimum required (4)", and gives

POST https://vpn.myserver.invalid/
Connected to A.B.C.D:443
SSL negotiation with vpn.myserver.invalid
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.myserver.invalid" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:SOME_BASE64_STRING
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on vpn.myserver.invalid with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)


Steps to Reproduce: 

    1) Create an openconnect vpn profile in nm-applet, with Cisco AnyConnect protocol and vpn gateway specified 
    2) Connect to said vpn, via tray icon on nm-applet ui
    3) After pressing Connect button, accept or cancel popup window with "Signer not found" message

Actual Results:

    kded5 crashes, window closes, vpn connection is not established

Expected Results:

    vpn connects

Build Date & Hardware:
    Tumbleweed version: 20230110, fully updated at the time of report
    Hardware: Lenovo Ideapad 5, AMD Ryzen 5 5600U
    Bug start date: Somewhere in the end of December, unfortunately I haven't noted the first time it occurred
    Relevant packages and versions:
       plasma-nm5-openconnect-5.26.5-1.1.x86_64
       plasma-nm5-5.26.5-1.1.x86_64
       NetworkManager-openconnect-lang-1.2.8-2.1.noarch
       openconnect-bash-completion-9.01-1.1.noarch
       openconnect-9.01-1.1.x86_64
       libopenconnect5-9.01-1.1.x86_64
       NetworkManager-1.40.8-1.1.x86_64
       NetworkManager-openconnect-1.2.8-2.1.x86_64


Additional Information: 

- Manjaro bug that might be relevant: https://forum.manjaro.org/t/pan-vpn-connection-fails-after-an-update-again/125940

- At the same time, openconnect connected to PAN GlobalProtect VPN works as expected on same machine.

kded5 logs:

print-manager.kded: unable to register service to dbus
org.kde.libkbolt: Failed to connect to Bolt manager DBus interface: 
org.kde.bolt.kded: Couldn't connect to Bolt DBus daemon
xsettingsd: Reloading configuration
xsettingsd: Loaded 0 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 0 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
Installing the delayed initialization callback.
org.kde.plasma.dataengine.geolocation: gpsd not found
"location"
Delayed initialization.
Reloading the khotkeys configuration
Version 2 File!
true
Imported file "/usr/share/khotkeys/defaults.khotkeys"
Imported file "/usr/share/khotkeys/kde32b1.khotkeys"
Imported file "/usr/share/khotkeys/konqueror_gestures_kde321.khotkeys"
Registering ":1.87/StatusNotifierItem" to system tray
Registering "org.kde.StatusNotifierItem-3-1/StatusNotifierItem" to system tray
kf.bluezqt: PendingCall Error: "The name org.bluez.obex was not provided by any .service files"
Registering ":1.77/StatusNotifierItem" to system tray
Registering ":1.49/StatusNotifierItem" to system tray
Initializing  "/usr/lib64/qt5/plugins/plasma/kcms/systemsettings/kcm_fonts.so"
Registering "org.kde.StatusNotifierHost-1801" as system tray
org.kde.plasma.nm.kded: Unhandled VPN connection state change:  2
QLayout: Attempting to add QLayout "" to QWidget "", which already has a layout
KCrash: Attempting to start /usr/bin/kded5
KCrash: Application 'kded5' crashing...
KCrash: Attempting to start /usr/libexec/drkonqi
QSocketNotifier: Invalid socket 6 and type 'Read', disabling...
QSocketNotifier: Invalid socket 20 and type 'Read', disabling...
QSocketNotifier: Invalid socket 48 and type 'Read', disabling...
kf.notifications: env says KDE is running but SNI unavailable -- check KDE_FULL_SESSION and XDG_CURRENT_DESKTOP
kf5idletime_kwayland: This plugin does not support polling idle time
print-manager.kded: unable to register service to dbus
org.kde.libkbolt: Failed to connect to Bolt manager DBus interface: 
org.kde.bolt.kded: Couldn't connect to Bolt DBus daemon
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 0 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 0 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
Installing the delayed initialization callback.
org.kde.plasma.dataengine.geolocation: gpsd not found
"location"
Delayed initialization.
Reloading the khotkeys configuration
Version 2 File!
true
Imported file "/usr/share/khotkeys/defaults.khotkeys"
Imported file "/usr/share/khotkeys/kde32b1.khotkeys"
Imported file "/usr/share/khotkeys/konqueror_gestures_kde321.khotkeys"
Registering "org.kde.StatusNotifierHost-1801" as system tray
Registering "org.kde.StatusNotifierItem-3-1/StatusNotifierItem" to system tray
Registering ":1.87/StatusNotifierItem" to system tray
kf.bluezqt: PendingCall Error: "The name org.bluez.obex was not provided by any .service files"
Registering ":1.175/StatusNotifierItem" to system tray
Registering ":1.49/StatusNotifierItem" to system tray
Registering ":1.77/StatusNotifierItem" to system tray
Initializing  "/usr/lib64/qt5/plugins/plasma/kcms/systemsettings/kcm_fonts.so"
[1]  + 14914 suspended (signal)  kded5

org.kde.plasma.nm.kded: Unhandled VPN connection state change:  2
QLayout: Attempting to add QLayout "" to QWidget "", which already has a layout
Unable to find file for pid 14914 expected at "kcrash-metadata/14914.ini"
QSocketNotifier: Invalid socket 54 and type 'Read', disabling...
QSocketNotifier: Invalid socket 56 and type 'Read', disabling...
Unable to start Dr. Konqi
Re-raising signal for core dump handling.
Service  ":1.175" unregistered

[1]  + 14914 segmentation fault (core dumped)  kded5
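
Added example, not part of the bug report and not openconnect or plasma-nm code: the `--servercert pin-sha256:` value suggested in the CLI session of Comment 1 is an RFC 7469 key pin, the base64 SHA-256 of the certificate's SubjectPublicKeyInfo, so it can be recomputed from a certificate obtained out of band and compared before a "signer not found" prompt is accepted. All function names are chosen for illustration, and the sample input is constructed certificate-shaped DER with an all-zero key, not a real certificate.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        size = length & 0x7F
        if not 1 <= size <= 4 or pos + size > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_from_cert(cert):
    """Return the SubjectPublicKeyInfo TLV bytes of a DER X.509 certificate."""
    _, pos, _ = read_tlv(cert, 0)           # Certificate
    _, pos, tbs_end = read_tlv(cert, pos)   # tbsCertificate
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for field in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    tag, _, end = read_tlv(cert, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[pos:end]

def servercert_pin(cert):
    """RFC 7469 key pin, formatted as an openconnect --servercert value."""
    digest = hashlib.sha256(spki_from_cert(cert)).digest()
    return "pin-sha256:" + base64.b64encode(digest).decode("ascii")

# Constructed sample input; der() exists only to build it.
def der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

ALG = der(0x30, bytes.fromhex("06032b6570"))         # Ed25519 OID
SAMPLE_SPKI = der(0x30, ALG + der(0x03, bytes(33)))  # all-zero public key
TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + ALG
          + der(0x30, b"") * 3 + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, TBS + ALG + der(0x03, bytes(65)))
```

For a certificate saved as PEM, `ssl.PEM_cert_to_DER_cert()` from the standard library gives the DER bytes that `servercert_pin()` expects.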

Comment 2 Joe Elusive 2023-02-15 09:17:47 UTC
Yesterday, 5.27 hit Tumbleweed repos, and applet seems to work again. Relevant package versions:

openconnect-9.01-1.1.x86_64
libopenconnect5-9.01-1.1.x86_64
plasma-nm5-5.27.0-1.1.x86_64
plasma-nm5-openconnect-5.27.0-1.1.x86_64
NetworkManager-1.40.12-1.1.x86_64
NetworkManager-openconnect-1.2.8-2.1.x86_64
kded-5.103.0-1.1.x86_64

Comment 3 Carlos Mogas da Silva 2023-02-16 17:26:43 UTC
Just to point out that this happens on Fedora too. Relevant package versions:

openconnect-9.01-3.fc37.x86_64
NetworkManager-openconnect-1.2.8-3.fc37.x86_64
plasma-nm-openconnect-5.26.5-1.fc37.x86_64

Comment 4 Niels 2024-07-22 14:36:16 UTC
This issue was resolved long ago in the 5.27 release.