Bug 1469852 - Cannot configure WPA2 enterprise TLS
Summary: Cannot configure WPA2 enterprise TLS
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: network-manager-applet
Version: 26
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Beniamino Galvani
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2017-07-12 01:14 UTC by Brandon Bennett
Modified: 2017-08-26 19:53 UTC (History)

Fixed In Version: network-manager-applet-1.8.2-3.fc26
Clone Of:
Environment:
Last Closed: 2017-08-26 19:53:46 UTC
Type: Bug
Embargoed:


Attachments
[PATCH] libnma: don't return empty passwords from certificate chooser (2.12 KB, patch)
2017-07-18 09:01 UTC, Beniamino Galvani

Description Brandon Bennett 2017-07-12 01:14:52 UTC
Description of problem:
When trying to set up WPA2 enterprise with TLS, the dialog box asks for passwords for the CA, the client cert, and the client key.  Only my client key has a password on it and the boxes for the password for CA and cert are disabled.

If I try connecting I get the following error:


Jul 11 18:52:28 thecheat gnome-control-c[9984]: Failed to add new connection: (7) 802-1x.ca-cert-password: password is not supported when certificate is not on a PKCS#11 token


If I ignore the CA in the config it fails on the client-cert-password instead:

Jul 11 19:00:23 thecheat gnome-control-c[9984]: Failed to add new connection: (7) 802-1x.client-cert-password: password is not supported when certificate is not on a PKCS#11 token



Version-Release number of selected component (if applicable): 1.8.2


How reproducible: Every time


Steps to Reproduce:
1. Create new wifi profile with WPA2 Enterprise. 
2. Select TLS
3. Use a CA (or skip) use a client certificate and client key (that is encrypted) and click connect

Actual results:

I get no error in the settings app.  In nm-connection-editor I get the error that shows up in the logs.  

Log error is :
Jul 11 18:52:28 thecheat gnome-control-c[9984]: Failed to add new connection: (7) 802-1x.ca-cert-password: password is not supported when certificate is not on a PKCS#11 token


Expected results:
It doesn't use an empty key for ca-cert or client-cert and instead just connects to wifi


Additional info:
Works on Fedora 25.  Dialog seems different

Comment 1 Jes Sorensen 2017-07-12 17:36:41 UTC
Same problem here :(

Basically makes it impossible to connect to the network here.....

Comment 3 Michel Lind 2017-07-12 21:21:39 UTC
(In reply to Brandon Bennett from comment #2)
> Looks like this has been fixed upstream already.  
> 
> https://github.com/NetworkManager/NetworkManager/commit/699492c1a5509083aa87e770cc1df7de1a52f1ed#diff-d625f9505e195dbf49ba95c79cfadc5c

Note: that fix is in the master branch and not in nm-1-8. 1.8.2 was actually cut after the fix was committed but does not contain the change.

Comment 4 Brandon Bennett 2017-07-12 23:03:01 UTC
The offending commit isn't in 1.8 either so maybe that is the wrong patch.

Comment 5 Beniamino Galvani 2017-07-18 09:01:11 UTC
Created attachment 1300327 [details]
[PATCH] libnma: don't return empty passwords from certificate chooser

Comment 6 Louisa Hartnett 2017-08-18 08:58:07 UTC
Comment on attachment 1300327 [details]
[PATCH] libnma: don't return empty passwords from certificate chooser

I see the update regarding the patch, is there a timeline for this to be rolled out as a fix for this Network Manager issue?

Thanks and regards,
Louisa Hartnett

Comment 7 Rodolfo Granata 2017-08-22 01:49:41 UTC
Having the same issue since upgrade to F26, is there any workaround in the meantime?

Comment 8 Nick Krichevsky 2017-08-22 19:30:29 UTC
(In reply to Rodolfo Granata from comment #7)
> Having the same issue since upgrade to F26, is there any workaround in the
> meantime?

The workaround I found was to downgrade NetworkManager to the version in the Fedora 25 repositories using dnf install NetworkManager-1.4.4-5.fc25 --release=25 --allowerasing

Note that this does downgrade some packages such as python, but you can reinstall them manually (for instance I reinstalled python with  sudo dnf install python3-3.6.2-5.fc26 --release=26 --allowerasing).

Not sure if this is the greatest solution but it is a workaround that worked for me.

Comment 9 Thomas Haller 2017-08-23 11:39:53 UTC
(In reply to Beniamino Galvani from comment #5)
> Created attachment 1300327 [details]
> [PATCH] libnma: don't return empty passwords from certificate chooser

lgtm. Applied upstream as https://git.gnome.org/browse/network-manager-applet/commit/?id=f78c1fe9e528a7cf2edd430a559e2fe5fd5525a7

(In reply to Rodolfo Granata from comment #7)
> Having the same issue since upgrade to F26, is there any workaround in the
> meantime?

use nmcli to fix the connection, something like
  nmcli connection modify "$CONN" 802-1x.ca-cert ''

(In reply to Nick Krichevsky from comment #8)
> (In reply to Rodolfo Granata from comment #7)
> > Having the same issue since upgrade to F26, is there any workaround in the
> > meantime?
> 
> The workaround I found was to downgrade NetworkManager to the version in the
> Fedora 25 repositories using dnf install NetworkManager-1.4.4-5.fc25
> --release=25 --allowerasing
> 
> Note that this does downgrade some packages such as python, but you can
> reinstall them manually (for instance I reinstalled python with  sudo dnf
> install python3-3.6.2-5.fc26 --release=26 --allowerasing).
> 
> Not sure if this is the greatest solution but it is a workaround that worked
> for me.

According to comment 5, the issue is in libnma, not the NetworkManager package. You might also just downgrade the libnma package alone (NetworkManager is backward compatible against older libnma versions, not the other way around).
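
The condition behind the log lines quoted in this report, as an added example that is not part of any comment or of NetworkManager's code: a shell function that scans a keyfile-style profile for an 802-1x certificate password set on a certificate that is not a pkcs11: URI. It assumes the [802-1x] section uses the property names from the error messages as keys and that a cleared certificate is not checked; the function names, sample profile and paths are constructed.

```shell
#!/bin/sh
# Added example: flag 802-1x certificate passwords that the log lines in
# this report reject. Assumption: a keyfile-style profile on stdin whose
# [802-1x] keys match the property names in the error messages.
find_rejected_cert_passwords() {
    awk '
        /^\[/ { active = ($0 == "[802-1x]"); next }
        !active || /^[#;]/ || !/=/ { next }
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1)
            seen[key] = 1
            value[key] = substr($0, eq + 1)
        }
        END {
            n = split("ca-cert client-cert", certs, " ")
            for (i = 1; i <= n; i++) {
                cert = certs[i]
                pw = cert "-password"
                # A password key counts as set even when its value is
                # empty. Assumption: a cleared certificate is not checked,
                # and only pkcs11: URIs may carry a password.
                if ((pw in seen) && value[cert] != "" &&
                    value[cert] !~ /^pkcs11:/)
                    print "802-1x." pw
            }
        }'
}

# Constructed sample: file-based certificates with empty password keys.
sample_file_certs() {
    cat <<'EOF'
[connection]
id=example-wifi

[802-1x]
eap=tls;
ca-cert=/etc/pki/example/ca.pem
ca-cert-password=
client-cert=/etc/pki/example/client.pem
client-cert-password=
private-key=/etc/pki/example/client.key
EOF
}

sample_file_certs | find_rejected_cert_passwords
```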

Comment 10 Fedora Update System 2017-08-23 12:21:21 UTC
network-manager-applet-1.8.2-3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-73d143918a

Comment 11 Nick Krichevsky 2017-08-23 14:53:18 UTC
(In reply to Thomas Haller from comment #9)
> (In reply to Beniamino Galvani from comment #5)
> > Created attachment 1300327 [details]
> > [PATCH] libnma: don't return empty passwords from certificate chooser
> 
> lgtm. Applied upstream as
> https://git.gnome.org/browse/network-manager-applet/commit/?id=f78c1fe9e528a7cf2edd430a559e2fe5fd5525a7
> 
> (In reply to Rodolfo Granata from comment #7)
> > Having the same issue since upgrade to F26, is there any workaround in the
> > meantime?
> 
> use nmcli to fix the connection, something like
>   nmcli connection modify "$CONN" 802-1x.ca-cert ''
> 
> (In reply to Nick Krichevsky from comment #8)
> > (In reply to Rodolfo Granata from comment #7)
> > > Having the same issue since upgrade to F26, is there any workaround in the
> > > meantime?
> > 
> > > The workaround I found was to downgrade NetworkManager to the version in the
> > Fedora 25 repositories using dnf install NetworkManager-1.4.4-5.fc25
> > --release=25 --allowerasing
> > 
> > Note that this does downgrade some packages such as python, but you can
> > reinstall them manually (for instance I reinstalled python with  sudo dnf
> > install python3-3.6.2-5.fc26 --release=26 --allowerasing).
> > 
> > Not sure if this is the greatest solution but it is a workaround that worked
> > for me.
> 
> According to comment 5, the issue is in libnma, not the NetworkManager package.
> You might also just downgrade the libnma package alone (NetworkManager is
> backward compatible against older libnma versions, not the other way around).

Just tried it - yes, this does work. dnf install libnma-1.40-1.fc25 --release=25 Thank you for the heads up.

Comment 12 Fedora Update System 2017-08-24 01:51:06 UTC
network-manager-applet-1.8.2-3.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-73d143918a

Comment 13 Fedora Update System 2017-08-26 19:53:46 UTC
network-manager-applet-1.8.2-3.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

