Bug 329837 - VPN importer should import the provided certificates too.
Summary: VPN importer should import the provided certificates too.
Status: RESOLVED FIXED
Alias: None
Product: plasma-nm
Classification: Plasma
Component: editor (show other bugs)
Version: 0.9.3.3
Platform: Ubuntu Linux
: NOR wishlist
Target Milestone: ---
Assignee: Lamarque V. Souza
URL:
Keywords:
: 337091 (view as bug list)
Depends on:
Blocks:
 
Reported: 2014-01-11 10:04 UTC by m.wege
Modified: 2014-10-08 14:02 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In: 0.9.3.4
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description m.wege 2014-01-11 10:04:26 UTC
I recently  imported VPN settings and discovered later that the certificate was not imported itself. It just placed a link to the certificate which I only realised after it did not work because I had moved the folder containing the files. I believe it would make much more sense if during import the certificate would be imported (copied) itself to something like ~/.kde/share/config/vpncertificates/*

Reproducible: Always
Comment 1 Michael 2014-04-07 19:40:59 UTC
Any certificate added directly to the ovpn-config file (example following) won't be imported, too.

Example:
...
user nobody
group nobody
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
FOO1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
FOO2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
FOO3
-----END CERTIFICATE-----
</ca>
cipher AES-128-CBC
auth SHA256
pull
...
Comment 2 Lamarque V. Souza 2014-07-05 20:48:20 UTC
*** Bug 337091 has been marked as a duplicate of this bug. ***
Comment 3 Lamarque V. Souza 2014-07-05 20:54:20 UTC
Some notes about the importing code:

. the options below are not supported yet and are ignored when importing a file:

remote-random
resolv-retry
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type
verb
explicit-exit-notify
key-direction
remote-cert-tls

. we support one "remote" option only. The last one inside the file will be one used and the other will be ignored.

At least for now, anybody with certificates embedded into .ovpn file must extract them manually into separated files and add their paths to the .ovpn. Sorry for the inconvenience. Patchs implementing this feature are welcomed.
Comment 4 Lamarque V. Souza 2014-07-06 03:44:49 UTC
Git commit 2c11872ebf4db1a17b420915a973cad8a069099a by Lamarque V. Souza.
Committed on 06/07/2014 at 02:18.
Pushed by lvsouza into branch '0.9.3'.

Import keys and certificates in OpenVpn plugin.
FIXED-IN: 0.9.3.4

M  +99   -4    vpn/openvpn/openvpn.cpp
M  +3    -0    vpn/openvpn/openvpn.h

http://commits.kde.org/plasma-nm/2c11872ebf4db1a17b420915a973cad8a069099a
Comment 5 Jan Grulich 2014-07-06 08:59:39 UTC
Git commit 32d647dd79ae3c62484a73d9569069ba0470dd25 by Jan Grulich, on behalf of Lamarque V. Souza.
Committed on 06/07/2014 at 02:18.
Pushed by grulich into branch 'master'.

Import keys and certificates in OpenVpn plugin.
FIXED-IN: 0.9.3.4

M  +110  -1    vpn/openvpn/openvpn.cpp
M  +3    -0    vpn/openvpn/openvpn.h

http://commits.kde.org/plasma-nm/32d647dd79ae3c62484a73d9569069ba0470dd25
Comment 6 Lamarque V. Souza 2014-07-06 13:50:44 UTC
Git commit abf2a230bd1e240aeea9e44d908d4559a908d963 by Lamarque V. Souza.
Committed on 06/07/2014 at 13:39.
Pushed by lvsouza into branch '0.9.3'.

When importing OpenVpn configuration files try copying the files especified by
ca, cert, key, secret and tls-auth options to Plasma NM's certificates
directory. If there is an error during the copy the original ones will be
used.

PS: the files are not deleted when the connection is deleted. Remove them
manually if that is what you want.

M  +34   -13   vpn/openvpn/openvpn.cpp
M  +5    -1    vpn/openvpn/openvpn.h

http://commits.kde.org/plasma-nm/abf2a230bd1e240aeea9e44d908d4559a908d963
Comment 7 Lamarque V. Souza 2014-07-06 13:59:08 UTC
Git commit 76c5091fab1071e4983ca76f3ce648c15cef3ec9 by Lamarque V. Souza.
Committed on 06/07/2014 at 13:39.
Pushed by lvsouza into branch 'master'.

When importing OpenVpn configuration files try copying the files especified by
ca, cert, key, secret and tls-auth options to Plasma NM's certificates
directory. If there is an error during the copy the original ones will be
used.

PS: the files are not deleted when the connection is deleted. Remove them
manually if that is what you want.

M  +36   -13   vpn/openvpn/openvpn.cpp
M  +5    -1    vpn/openvpn/openvpn.h

http://commits.kde.org/plasma-nm/76c5091fab1071e4983ca76f3ce648c15cef3ec9
Comment 8 Jan Grulich 2014-10-08 14:00:33 UTC
Git commit 3a15b44e65a3a391d62739e5fc8f844490cfdd79 by Jan Grulich.
Committed on 08/10/2014 at 14:00.
Pushed by grulich into branch '0.9.3'.

Ask user if they want to copy their certificates under KDE configuration during OpenVPN import

REVIEW:120530
Related: bug 339654

M  +42   -12   vpn/openvpn/openvpn.cpp

http://commits.kde.org/plasma-nm/3a15b44e65a3a391d62739e5fc8f844490cfdd79
Comment 9 Jan Grulich 2014-10-08 14:01:59 UTC
Git commit fe3814d3cd182d29b8e0c03bd3ae3c1e9b6118a6 by Jan Grulich.
Committed on 08/10/2014 at 14:00.
Pushed by grulich into branch 'master'.

Ask user if they want to copy their certificates under KDE configuration during OpenVPN import

REVIEW:120530
Related: bug 339654

M  +42   -12   vpn/openvpn/openvpn.cpp

http://commits.kde.org/plasma-nm/fe3814d3cd182d29b8e0c03bd3ae3c1e9b6118a6
Comment 10 Jan Grulich 2014-10-08 14:02:14 UTC
Git commit c81c3cf85c96c8a177eaa9193672c2ae813119cd by Jan Grulich.
Committed on 08/10/2014 at 14:00.
Pushed by grulich into branch 'Plasma/5.1'.

Ask user if they want to copy their certificates under KDE configuration during OpenVPN import

REVIEW:120530
Related: bug 339654

M  +42   -12   vpn/openvpn/openvpn.cpp

http://commits.kde.org/plasma-nm/c81c3cf85c96c8a177eaa9193672c2ae813119cd