Interactive certificate dialog?

My employer's wireless system is undergoing maintenance and information
about our SSL certificate for WPA has changed.  On Windows, when you are
offered an untrusted certificate, there is a pop-up dialog asking you
whether to accept the certificate or not.  In NetworkManager, the
connection simply fails with no indication of what the problem is.

In my case, the solution is to hunt down a source for the appropriate
certificate, copy it into /etc/pki/tls/certs, and set NM to point to
that file for its cert.

Would it be possible for NM to enter into a dialog with the user about
accepting the certificate?  If that's not acceptable, would it at least
be possible to provide a more informative message about the cause for
the connection failure?

Thanks.

--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs

_______________________________________________
NetworkManager-list mailing list
NetworkManager-list@...
http://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: Interactive certificate dialog?

+1

On Thu, Oct 29, 2009 at 7:52 PM, Matthew Saltzman <mjs@...> wrote:
> My employer's wireless system is undergoing maintenance and information

Re: Interactive certificate dialog?

On Thu, 2009-10-29 at 14:52 -0400, Matthew Saltzman wrote:
> My employer's wireless system is undergoing maintenance and information
> about our SSL certificate for WPA has changed.  On Windows, when you are
> offered an untrusted certificate, there is a pop-up dialog asking you
> whether to accept the certificate or not.  In NetworkManager, the
> connection simply fails with no indication of what the problem is.
>
> In my case, the solution is to hunt down a source for the appropriate
> certificate, copy it into /etc/pki/tls/certs, and set NM to point to
> that file for its cert.
>
> Would it be possible for NM to enter into a dialog with the user about
> accepting the certificate?  If that's not acceptable, would it at least
> be possible to provide a more informative message about the cause for
> the connection failure?

This is my bright rosy future.  A system certificate store.
Unfortunately, we're not there yet.  Here's why.

1) wpa_supplicant doesn't communicate certificate validation failures
(or any failures really) up to the caller.  Thus, unless we screenscrape
the supplicant debug output, we have no way of finding out that the
failure was because the CA certificate validation failed.

2) Even if we could do that, we don't have a mechanism for the
supplicant to send the received CA certificate back up to the caller
(ie, NM) so that NM could proxy it to userspace for the user to look at.

Even just fixing #1 so that we know what the problem is would be
awesome.  We'll get there, it'll just take some time and fixes to the
supplicant.

Dan

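Added example, not part of the original thread and not NetworkManager or wpa_supplicant code: a sketch of the log "screenscraping" described in point 1 above, pulling the certificate verification failure out of supplicant debug output so the cause can be reported. The log line shape matched by `CERT_FAIL` is an assumption, and `SAMPLE_LOG` is constructed for illustration.

```python
import re

# Assumption: the warning wpa_supplicant's OpenSSL backend logs when chain
# verification fails has this shape; adjust the pattern to your build's output.
CERT_FAIL = re.compile(
    r"TLS: Certificate verification failed, error (?P<code>\d+) "
    r"\((?P<reason>[^)]*)\) depth (?P<depth>\d+) for '(?P<subject>[^']*)'"
)

# OpenSSL verify codes meaning "no trusted issuer found", i.e. the configured
# CA certificate does not match what the authentication server now presents.
CA_TRUST_CODES = {18, 19, 20, 21}

# Constructed sample log, not captured from a real network.
SAMPLE_LOG = """\
1256842320.101: Trying to associate with 02:00:00:00:00:01 (SSID='example-corp' freq=2437 MHz)
1256842320.554: EAP: EAP entering state METHOD
1256842320.871: TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 1 for '/C=US/O=Example Corp/CN=Example Wireless CA 2'
1256842320.902: CTRL-EVENT-EAP-FAILURE EAP authentication failed
"""


def find_cert_failures(log_text):
    """Return one dict per certificate verification failure in the log."""
    failures = []
    for line in log_text.splitlines():
        m = CERT_FAIL.search(line)
        if m:
            failures.append({
                "code": int(m["code"]),
                "reason": m["reason"],
                "depth": int(m["depth"]),
                "subject": m["subject"],
                "ca_trust_problem": int(m["code"]) in CA_TRUST_CODES,
            })
    return failures


def diagnose(log_text):
    """Turn the first failure into the message the user never got."""
    failures = find_cert_failures(log_text)
    if not failures:
        return "no certificate verification failure logged"
    f = failures[0]
    hint = ("configured CA certificate does not validate the server"
            if f["ca_trust_problem"] else "server certificate rejected")
    return f"{hint}: {f['reason']} (depth {f['depth']}, subject {f['subject']})"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

The reported subject is only a pointer to which certificate to obtain; the replacement CA file should still come from the network operator before it is installed.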
Re: Interactive certificate dialog?

On Mon, 2009-11-02 at 13:11 -0800, Dan Williams wrote:
> On Thu, 2009-10-29 at 14:52 -0400, Matthew Saltzman wrote:
> > My employer's wireless system is undergoing maintenance and information
> > about our SSL certificate for WPA has changed.  On Windows, when you are
> > offered an untrusted certificate, there is a pop-up dialog asking you
> > whether to accept the certificate or not.  In NetworkManager, the
> > connection simply fails with no indication of what the problem is.
> >
> > In my case, the solution is to hunt down a source for the appropriate
> > certificate, copy it into /etc/pki/tls/certs, and set NM to point to
> > that file for its cert.
> >
> > Would it be possible for NM to enter into a dialog with the user about
> > accepting the certificate?  If that's not acceptable, would it at least
> > be possible to provide a more informative message about the cause for
> > the connection failure?
>
> This is my bright rosy future.  A system certificate store.
> Unfortunately, we're not there yet.  Here's why.
>
> 1) wpa_supplicant doesn't communicate certificate validation failures
> (or any failures really) up to the caller.  Thus, unless we screenscrape
> the supplicant debug output, we have no way of finding out that the
> failure was because the CA certificate validation failed.
>
> 2) Even if we could do that, we don't have a mechanism for the
> supplicant to send the received CA certificate back up to the caller
> (ie, NM) so that NM could proxy it to userspace for the user to look at.
>
> Even just fixing #1 so that we know what the problem is would be
> awesome.  We'll get there, it'll just take some time and fixes to the
> supplicant.

OK Thanks.  I'll be watching for it....

>
> Dan
>
>
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs