684163 – NM ignores expired certificate for WiFi connection via RADIUS server

Bug 684163 - NM ignores expired certificate for WiFi connection via RADIUS server

Summary: NM ignores expired certificate for WiFi connection via RADIUS server

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	NetworkManager
Sub Component:
Version:	14
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Dan Williams
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-03-11 11:06 UTC by Milan Kerslager
Modified:	2012-08-16 13:00 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-08-16 13:00:23 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
The /var/log/messages for current connection with expired certificate (6.23 KB, text/plain) 2011-03-11 11:06 UTC, Milan Kerslager	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Milan Kerslager 2011-03-11 11:06:57 UTC

Created attachment 483685 [details]
The /var/log/messages for current connection with expired certificate

I have WiFi network with WPA2 and RADIUS authentication (config is the same as eduroam). The certificate for FreeRADIUS server expires today but I'm able to connect to the wireless network (named RADIUS) without a problem. I see this issue as serious security problem.

The config file of FreeRADIUS:

$ grep certificate_file /etc/raddb/*        
/etc/raddb/eap.conf: certificate_file = ${raddbdir}/certs/cert-CESNET-CA-TLSsrv.pem

The certificate output from this FreeRADIUS server:

$ openssl x509 -text -noout -in /etc/raddb/certs/cert-CESNET-CA-TLSsrv.pem
            Not Before: Feb 11 07:28:41 2010 GMT
            Not After : Mar 11 07:58:41 2011 GMT

My current time:

$ TZ=GMT date
Fri Mar 11 11:06:38 GMT 2011

Comment 1 Fedora End Of Life 2012-08-16 13:00:26 UTC

This message is a notice that Fedora 14 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 14. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '14' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 14 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.