On Fri, 2008-12-05 at 14:25 +0100, Rafał Lichwała wrote: > Hi, > > Below some details and updates about EAP-TLS wired connection problems > in Network Manager. > > I was looking into source code for a while and that's what I found: > > When I fill in all the certs (client cert, CA cert, client key - all in > PEM format) and then click "Apply" I have the following in console for > the nm-connection-editor: > > > ######################### > ** (nm-connection-editor:29948): WARNING **: Unhandled setting secret > type (write) '802-1x/private-key' : 'GArray_guchar_' > > ** (nm-connection-editor:29948): WARNING **: Unhandled setting secret > type (write) '802-1x/phase2-private-key' : 'GArray_guchar_' > > ** (nm-connection-editor:29948): WARNING **: > nma_gconf_connection_changed: Invalid connection > /system/networking/connections/4: 'NMSetting8021x' / 'client-cert' > invalid: 2 > ######################### > > And no connection settings are stored. > > I've also checked that "nma_gconf_connection_changed" function is called > in that case (in > network-manager-applet/src/gconf-helpers/nma-gconf-connection.c) and > function fails on: > > utils_fill_connection_certs (gconf_connection); > > I've checked this "utils_fill_connection_certs" function (in > network-manager-applet/src/utils/utils.c) > and it seems that getting file names for certificates entered by user in > dialogs does not work: > > filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_CA_CERT_TAG); > > filename = g_object_get_data (G_OBJECT (connection), > NMA_PATH_CLIENT_CERT_TAG); > > filename = g_object_get_data (G_OBJECT (connection), > NMA_PATH_PHASE2_CA_CERT_TAG); > > filename = g_object_get_data (G_OBJECT (connection), > NMA_PATH_PHASE2_CLIENT_CERT_TAG); > > All these "filename" variables are NULL there. > The same in case I enter just client key in PKCS12 (in that case client > cert is disabled).
That's mostly the problem. I fixed the issue in the applet svn this morning. We're planning on doing a 0.7.1 pretty soon which will contain this fix. Dan > > I'm not sure if I understand the source codes well, but I hope it's just > some hint to fix the problem :) > > Cheers, > Rafal > > > Rafał Lichwała wrote: > > Sorry for the confusion... > > Some dependency packages were missing... :/ > > I remembered about "apt-get build-dep network-manager", but forgot about > > "apt-get build-dep network-manager-applet" :/ > > > > I've installed them and network-manager-applet build is fine now! :) > > > > So now I have NetworkManager svn4361 and network-manager-applet svn1053 > > installed, running and ready to test :) > > > > Unfortunately EAP-TLS for wired connections still does not work (which > > is the subject of this topic) :( > > > > When I run nm-connection-editor in command line and try to create TLS > > wired connection I have the following error messages: > > > > ################ > > ** (nm-connection-editor:6664): WARNING **: Invalid setting 802.1x > > Security: Invalid 802.1x security > > > > ** (nm-connection-editor:6664): WARNING **: Unhandled setting secret > > type (write) '802-1x/private-key' : 'GArray_guchar_' > > > > ** (nm-connection-editor:6664): WARNING **: Unhandled setting secret > > type (write) '802-1x/phase2-private-key' : 'GArray_guchar_' > > > > ** (nm-connection-editor:6664): WARNING **: > > nma_gconf_connection_changed: Invalid connection > > /system/networking/connections/2: 'NMSetting8021x' / 'client-cert' > > invalid: 2 > > ################ > > > > All the certs (client cert, client key and CA cert) are in PEM format > > and stored in separate files. > > > > Interesting thing is that after this try a connection file has been > > created in: > > > > /etc/NetworkManager/system-connections/test > > > > ("test" is a name of my test TLS wired connection). > > and it seems to contain some valuable data. > > But this connection settings are not visible in nm-connection-editor :( > > There is only one (that was already there before my try) wired > > connection named "Ifupdown (eth0)" which cannot be modified (all the UI > > are disabled) and cannot be removed. > > When I try to remove it I have "Removing connection failed: > > nm-settings.c.333 - Read-only connections may not be deleted.." > > > > > > > > Could you please take a look at the problem of creating TLS wired > > connection? :) > > > > Thanks! > > > > Cheers, > > Rafal > > > > Rafał Lichwała wrote: > >> Dan Williams wrote: > >>> Compile error should be fixed in svn4361 on both trunk and 0.7 stable > >>> branches. > >>> > >> > >> Thanks for this quick fix Dan! :) > >> NetworkManager build is fine now. > >> > >> But network-manager-applet build is failing... :( > >> So I'm still not able to build "nm-connection-editor" (which is a part > >> of network-manager-applet) to test against EAP-TLS connection setup. > >> > >> The build error is the following (network-manager-applet svn trunk > >> revision 1053): > >> > >> ########### > >> if /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H > >> -I. -I. -I../.. -I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0 > >> -DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0 > >> -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 > >> -I/usr/lib/dbus-1.0/include -DORBIT2=1 -pthread > >> -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include > >> -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > >> -I/usr/include/NetworkManager -I/usr/include/libnm-glib > >> -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include > >> -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 > >> -I/usr/include/pixman-1 -I/usr/include/freetype2 > >> -I/usr/include/libpng12 -I/usr/include/libglade-2.0 > >> -I/usr/include/libxml2 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0 > >> -I/usr/include/gnome-keyring-1 -Wall -Werror -std=gnu89 -g -O2 > >> -Wshadow -Wmissing-declarations -Wmissing-prototypes > >> -Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter > >> -Wno-sign-compare -MT libpolkit_helpers_la-polkit-gnome-action.lo -MD > >> -MP -MF ".deps/libpolkit_helpers_la-polkit-gnome-action.Tpo" -c -o > >> libpolkit_helpers_la-polkit-gnome-action.lo `test -f > >> 'polkit-gnome-action.c' || echo './'`polkit-gnome-action.c; \ > >> then mv -f ".deps/libpolkit_helpers_la-polkit-gnome-action.Tpo" > >> ".deps/libpolkit_helpers_la-polkit-gnome-action.Plo"; else rm -f > >> ".deps/libpolkit_helpers_la-polkit-gnome-action.Tpo"; exit 1; fi > >> libtool: compile: gcc -DHAVE_CONFIG_H -I. -I. -I../.. > >> -I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0 > >> -DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0 > >> -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 > >> -I/usr/lib/dbus-1.0/include -DORBIT2=1 -pthread > >> -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include > >> -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > >> -I/usr/include/NetworkManager -I/usr/include/libnm-glib > >> -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include > >> -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 > >> -I/usr/include/pixman-1 -I/usr/include/freetype2 > >> -I/usr/include/libpng12 -I/usr/include/libglade-2.0 > >> -I/usr/include/libxml2 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0 > >> -I/usr/include/gnome-keyring-1 -Wall -Werror -std=gnu89 -g -O2 > >> -Wshadow -Wmissing-declarations -Wmissing-prototypes > >> -Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter > >> -Wno-sign-compare -MT libpolkit_helpers_la-polkit-gnome-action.lo -MD > >> -MP -MF .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo -c > >> polkit-gnome-action.c -fPIC -DPIC -o > >> .libs/libpolkit_helpers_la-polkit-gnome-action.o > >> cc1: warnings being treated as errors > >> polkit-gnome-action.c: In function ‘_compute_polkit_result_direct’: > >> polkit-gnome-action.c:816: error: > >> ‘polkit_context_can_caller_do_action’ is deprecated (declared at > >> /usr/include/PolicyKit/polkit/polkit-context.h:173) > >> polkit-gnome-action.c:827: error: > >> ‘polkit_context_can_caller_do_action’ is deprecated (declared at > >> /usr/include/PolicyKit/polkit/polkit-context.h:173) > >> make[3]: *** [libpolkit_helpers_la-polkit-gnome-action.lo] Error 1 > >> ########### > >> > >> > >> PolicyKit stuff in Ubuntu 8.10 is in version 0.9-1 > >> > >> Is that possible to apply another quick fix to move the build forward? :) > >> > >> Thanks! > >> > >> Cheers, > >> Rafal > >> > >> > >> > >> _______________________________________________ > >> NetworkManager-list mailing list > >> NetworkManager-list@gnome.org > >> http://mail.gnome.org/mailman/listinfo/networkmanager-list > > > > > > _______________________________________________ > > NetworkManager-list mailing list > > NetworkManager-list@gnome.org > > http://mail.gnome.org/mailman/listinfo/networkmanager-list > > _______________________________________________ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list