Bug 586256 - NM looses p12 certificate location each time
Summary: NM looses p12 certificate location each time
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 12
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Dan Williams
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2010-04-27 07:24 UTC by Robert de Rooy
Modified: 2010-05-03 09:19 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-05-03 09:19:17 UTC
Type: ---

Attachments (Terms of Use)

Description Robert de Rooy 2010-04-27 07:24:23 UTC
Description of problem:
I use a Wireless network for which I have a private p12 certificate. I have this setup properly in NetworkManager.

However, each reboot or logout/login I need to tell it again where the certificate is located. All other settings it does keep, including the password. The certificate file is stored in a subdirectory of my home directory.

After telling it the location of the p12 certificate it will connect, but going to edit connections, the Private key is again set to (none), so clearly it is not being saved.

Also it will ask me each and every time if I do not want to set a certificate authority, and selecting the "do not ask me again" checkbox has no effect.

Version-Release number of selected component (if applicable):

How reproducible:
Each time after a new login or reboot when connecting to this network which needs a private key.

Steps to Reproduce:
1. create a WiFi profile with a private p12 certificate
2. logout (or reboot)
3. Login
4. when NM detects the WiFi network it will ask for the security settings because the private key is missing
Actual results:
Security dialog box with p12 private certificate missing

Expected results:
automatically reconnect

Additional info:

Comment 1 Dan Williams 2010-04-27 17:52:57 UTC
Hmm, I wasn't able to reproduce this issue earlier this month after one report, and the original reporter said it went away.  Can you grab your ~/.xsession-errors file for me?  And also, do you have SELinux enabled ('getenforce' from a terminal will tell you)?  Last, where is the .p12 certificate, your homedir, a system directory, etc?

Comment 2 Robert de Rooy 2010-04-27 20:00:15 UTC
Selinux is set to permissive, and the certificate file is located in my home directory.

After a bit of digging into gconf-editor, I some testing I figured out how to trigger this problem.

1. create connection profile with p12 certificate
2. delete old p12 certificate
3. try to point NM to the new certificate file location

networkmanager will not save the new certificate file location

But if you take this sequence instead, all works fine

1. create connection profile with p12 certificate
2. point NM to the new certificate file
3. delete old p12 certificate

basically once the data in gconf is invalid, nm will no longer update it with new data.

Comment 3 Dan Williams 2010-04-30 22:00:12 UTC
I'm not sure I understand quite what "point NM to the new certificate means here"; do you mean point the *connection editor* at the new file after having deleted it, or do you mean point the *applet* at the new file when it asks you for the connection details after you deleted the old one?

I did:

1) open the connection editor
2) create new WPA-Enterprise TLS connection using a p12 file and a PEM-format CA certificate
3) close the connection editor
4) choose the AP from the menu
5) verify that we get connected
6) from a terminal, move the old P12 file somewhere else
7) log out
8) log back in; nm-applet asks for the private key
9) give it the new location and wait for connection
10) verify that new private key is seen in connection editor
11) log out
12 log back in and verify that we get connected again

What's your exact procedure to reproduce this again?  I'm also using the latest testing version of NM from f12-updates, which could affect the problem, but there haven't been major chnages to the connection-editor or applet since the build you're using so I don't expect the issue to have been fixed necessarily.

Comment 4 Robert de Rooy 2010-05-03 07:14:29 UTC
Well, this is strange. I tried again to duplicate the behaviour I had in the past, and could not.

What I had a few days ago is that the connection editor would claim no certificate if the file referenced in gconf was no longer present. And when selecting a new certificate it would use if for connecting, but not save it to gconf, as if the gconf entry was read-only. So if you 'saved' the profile in the connection editor and went back in it still claimed (none) and in gconf it was still pointing to the old one.

What I did to fix it was to delete the certificate file entries in gconf-editor manually, and select the certificate again in the connection editor. And now I cannot duplicate the old behaviour any more.

Comment 5 Dan Williams 2010-05-03 09:19:17 UTC
Ok, if you see this again, please re-open so I can try to track it down again.  Thanks!

Note You need to log in before you can comment on or make changes to this bug.