Description of problem: Consider the following use case: a newbie is given a newbie.p12 file by his network admins and runs the following: openssl pkcs12 -in newbie.p12 -nocerts -out privateKey.pem openssl pkcs12 -in newbie.p12 -clcerts -nokeys -out publicCert.pem openssl pkcs12 -in newbie.p12 -cacerts -nokeys -out mynetwork_cacert.pem Unfortunately openssl is silly (I'll try to report bug to them too) and will happily do any or all of the following: - silently overwrite existing files - create empty files (e.g. if import password is incorrect) - silently create "somewhat broken" files (e.g. if PEM password is not provided when creating a private key) So, suppose that any or all of these files have problems (e.g. the user thinks he does not need a PEM password and leaves it blank, like he does each time he runs ssh-keygen) Now the user runs nm-applet, expecting to be able to select the three files generated above to connect to his WiFi network, as explained to him by the network admin. Instead, nm-applet just SILENTLY hides these in its file selection GUI, as if those files do not exist. The user is first frustrated (did I select the right directory? Have I misspelled the extension when running openssl? After googling the newbie becomes more expert and starts to wonder more sophisticated questions such as "Maybe it's a cacert and I named it incorrectly, but the pattern matching does not say *cacert.pem?"). Eventually the user is infuriated after attempting to fix the problem unsuccessfully for countless hours and tosses the new laptop out of the window. Version-Release number of selected component (if applicable): nm-applet --version does not report any version number, that should be another bug? How reproducible: 100% Steps to Reproduce: See the use case above Actual results: The nm-applet program just SILENTLY hides empty files or files containing incorrect data in its file selection GUI, as if those files do not exist. I am sure this has been developed as a "feature", but this is utterly broken design and completely unacceptable behavior to me. Expected results: The file selection widget should allow you to select a file, period. An error message dialog should be raised after opening the file, and clearly stating WHAT was wrong with the files. Additional info: I'm trying to hide the frustration this caused to us, but I am sure you can feel it, and I apologize if I'm being too blunt
What I think the GUI bits should do instead is allow selection of files based on file extension only. Then disable the OK/Apply/Save button if the files don't validate, and hilight the invalid file picker button in red or some other way to indicate that. It should also somehow report why the file doesn't validate, which the code already knows the answer to but isn't currently indicated anywhere in the UI.
@dcbw: I think your proposed behavior is way better than the current one, but still creating confusing results. For example, merely selecting a file will change its access date. I don't understand why you guys don't like the "normal" behavior of everything (select a file, press ok, and only then the file is accessed and a dialog with the problem, if any, is raised). But as I said, I'm ok with dcbw's proposed change. FWIW, I submitted the following two issues to openssl: https://github.com/openssl/openssl/issues/904 https://github.com/openssl/openssl/issues/905
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle. Changing version to '25'.
Created attachment 1205645 [details] [PATCH] wireless-security: don't silently ignore files with invalid keys/certs
(In reply to Beniamino Galvani from comment #4) > Created attachment 1205645 [details] > [PATCH] wireless-security: don't silently ignore files with invalid > keys/certs lgtm
lgtm
Patch applied to master after resolving some conflicts: https://git.gnome.org/browse/network-manager-applet/commit/?id=e0063db110cc0704d1cd0326de9469f866387b50
This message is a reminder that Fedora 25 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '25'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 25 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.