ifcfg-rh: fix read/write of EAP-TLS connections

TLS uses the 'identity' which previously wasn't read.  The private key
password should also only be used for PKCS#12 files, because they aren't
decrypted when read into the setting.

Private keys also need to be handled differently; PKCS#12 keys are written
out unchanged (ie, still encrypted) with their corresponding private key.
DER keys are stored in the setting unencrypted, so they are re-encrypted
before being written out to disk.  But because the private key password
isn't known for DER keys, a random password must be used to re-encrypt
the key.
Dan Williams
2009-03-31 07:29:31 -04:00
parent f4c1b422cf
commit bebe3e891b
10 changed files with 791 additions and 103 deletions


@@ -37,15 +37,18 @@
char *
utils_bin2hexstr (const char *bytes, int len, int final_len)
{
static char hex_digits[] = "0123456789abcdef";
char * result;
int i;
static char hex_digits[] = "0123456789abcdef";
char *result;
int i;
gsize buflen = (len * 2) + 1;
g_return_val_if_fail (bytes != NULL, NULL);
g_return_val_if_fail (len > 0, NULL);
g_return_val_if_fail (len < 256, NULL); /* Arbitrary limit */
g_return_val_if_fail (len < 4096, NULL); /* Arbitrary limit */
if (final_len > -1)
g_return_val_if_fail (final_len < buflen, NULL);
result = g_malloc0 (len * 2 + 1);
result = g_malloc0 (buflen);
for (i = 0; i < len; i++)
{
result[2*i] = hex_digits[(bytes[i] >> 4) & 0xf];
@@ -54,6 +57,8 @@ utils_bin2hexstr (const char *bytes, int len, int final_len)
/* Cut converted key off at the correct length for this cipher type */
if (final_len > -1)
result[final_len] = '\0';
else
result[buflen - 1] = '\0';
return result;
}
@@ -123,13 +128,13 @@ utils_hash_byte_array (const GByteArray *data)
}
char *
utils_cert_path (const char *parent, const char *prefix, const char *suffix)
utils_cert_path (const char *parent, const char *suffix)
{
char *name, *dir, *path;
name = utils_get_ifcfg_name (parent);
dir = g_path_get_dirname (parent);
path = g_strdup_printf ("%s/%s-%s.%s", dir, prefix, name, suffix);
path = g_strdup_printf ("%s/%s-%s", dir, name, suffix);
g_free (dir);
g_free (name);
return path;
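Review bot: The new bound on final_len in utils_bin2hexstr is enforced only through g_return_val_if_fail, which GLib compiles out when G_DISABLE_CHECKS is defined, so in such a build `result[final_len] = '\0'` can write past the buflen-byte allocation. Because that write is the reason for the check, it should be an ordinary test such as `if (final_len > -1 && (gsize) final_len >= buflen) return NULL;`, which also makes the int-versus-gsize comparison explicit. The added `else result[buflen - 1] = '\0';` is redundant after g_malloc0 but harmless. Judging by the "converted key" comment, the returned buffer holds hex-encoded key material, so a short comment telling callers to clear it before g_free would be worth adding.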