Bug 1623798

Summary: unable to create 8021x connection when private key is encrypted with aes256 cipher
Product: Red Hat Enterprise Linux 7 Reporter: Filip Pokryvka <fpokryvk>
Component: NetworkManagerAssignee: Beniamino Galvani <bgalvani>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.6CC: atragler, bgalvani, fgiudici, lmiksik, lrintel, rkhan, sukulkar, thaller, vbenes
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: NetworkManager-1.12.0-4.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 11:14:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Filip Pokryvka 2018-08-30 08:34:02 UTC 
Version-Release number of selected component (if applicable):

RHEL 7.6, NetworkManager-1.12.0-3.el7.x86_64

Steps to Reproduce:
1. generate private key encrypted by aes256
  openssl genrsa -aes256 -out test.key.enc.pem 2048

2. add new 8021x connection using encrypted private key
  nmcli con add type ethernet ifname \* con-name con_ethernet 802-1x.eap tls 802-1x.private-key test.key.enc.pem 802-1x.private-key-password <hidden>

Actual results:
Error: failed to modify 802-1x.private-key: 802-1x.private-key: invalid private key. 

Expected results:
Should throw error, that certificate is required, and connection should be created, when all other required fileds are provided

Additional info:
other ciphers works (aes128, des-cbc...)
Comment 4 Vladimir Benes 2018-09-05 13:37:57 UTC 
Tested on all architectures but s390x and aarch64 (as we don't have epel and thus hostapd)
Comment 6 errata-xmlrpc 2018-10-30 11:14:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3207