colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libnm/802-1x: check is-pkcs12 only for blob certificates in verify_tls()

Browse Source 
If the certificate is not a blob, it makes no sense to call
nm_crypto_is_pkcs12_data().
This commit is contained in:
Thomas Haller
2022-03-19 00:42:02 +01:00
parent d3a6b9e7cc
commit ee1467fcdb
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/libnm-core-impl/nm-setting-8021x.c
View File

@@ -2673,10 +2673,11 @@ verify_tls(NMSetting8021x *self, gboolean phase2, GError **error)
return FALSE; return FALSE;
} }
/* If the private key is PKCS#12, check that it matches the client cert */ if (_nm_setting_802_1x_cert_get_scheme(private_key, NULL) == NM_SETTING_802_1X_CK_SCHEME_BLOB
if (nm_crypto_is_pkcs12_data(g_bytes_get_data(private_key, NULL), && nm_crypto_is_pkcs12_data(g_bytes_get_data(private_key, NULL),
g_bytes_get_size(private_key), g_bytes_get_size(private_key),
NULL)) { NULL)) {
/* If the private key is PKCS#12, check that it matches the client cert */
if (!g_bytes_equal(private_key, client_cert)) { if (!g_bytes_equal(private_key, client_cert)) {
g_set_error(error, g_set_error(error,
NM_CONNECTION_ERROR, NM_CONNECTION_ERROR,