On Mon, 14 Sep 2015 10:36:59 +0200
Jan Grulich <jgrul...@redhat.com> wrote:

> Hi,
> 
> I'm trying to improve our WPA/WPA2 Enterprise support in KDE and I
> have few questions regarding 802-11x security setting.
> 
> 1) When phase2-foo properties should be used instead of just foo
> properties (e.g phase2-private-key/private-key) ? In implementation
> of gnome-applet I see they are used when phase2 property is set to
> true, but it's always set to false as I can see.
> 
phase2-foo properties are used for EAP methods that have 2 phases. In
the first phase a tunnel is established, and then, in phase 2, the
authentication is done inside the tunnel using the inner method that
uses the phase2 properties.
NM uses that for PEAP, TTLS and FAST EAP methods for which you can
specify inner methods.

I am not aware of gnome-shell applet implementation. You can look at 
nm-applet/nm-connection-editor code here:
https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/eap-method.c
https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/eap-method-peap.c

> 2) Are subjectMatch/altSubjectMatch properties still valid and used?
> I don't see this implemented in gnome-applet, but we had this
> implemented in the old KDE networkmanagement applet. I'm asking
> because we got a bug report about missing implementation of these
> properties for the new applet and I would like to be sure how this
> should be implemented. 
> 

https://developer.gnome.org/NetworkManager/1.0/ref-settings.html

Yes, the properties are valid and used for matching the certificates.
They are passed to wpa_supplicant that performs the certificates
matching.
http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/supplicant-manager/nm-supplicant-config.c#n971

It seems that nm-connection-editor/nn-applet did not handle the
properties. But they can be set via nmcli.

Jirka

_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Reply via email to