libnm-core: macsec: don't require a cak in verify()

CAK is a connection secret and can be NULL for various reasons (agent-owned, no permissions to get secrets, etc.). verify() must not require it. Fixes: 474a0dbfbeeda7504d6599abe4adf0ddf18bab1e
author: Beniamino Galvani <bgalvani@redhat.com> 2018-11-02 10:54:26 +0100
committer: Beniamino Galvani <bgalvani@redhat.com> 2018-11-20 15:15:57 +0100
commit: 8d5b01619b0518be59d661ed4780f6adeae38a38 (patch)
tree: b6a6dfb3a6520ff7f76710633f2d90395ab2ead6
parent: a7640618078b5e98356086644d4af110819c92c7 (diff)
download: NetworkManager-8d5b01619b0518be59d661ed4780f6adeae38a38.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/libnm-core/nm-setting-macsec.c b/libnm-core/nm-setting-macsec.c
index a9b1d550ad..9f60f945c1 100644
--- a/libnm-core/nm-setting-macsec.c
+++ b/libnm-core/nm-setting-macsec.c
@@ -245,6 +245,12 @@ verify_macsec_key (const char *key, gboolean cak, GError **error)
 {
 	int req_len;
 
+	/* CAK is a connection secret and can be NULL for various
+	 * reasons (agent-owned, no permissions to get secrets, etc.)
+	 */
+	if (cak && !key)
+		return TRUE;
+
 	if (!key || !key[0]) {
 		g_set_error_literal (error,
 		                     NM_CONNECTION_ERROR,
author	Beniamino Galvani <bgalvani@redhat.com>	2018-11-02 10:54:26 +0100
committer	Beniamino Galvani <bgalvani@redhat.com>	2018-11-20 15:15:57 +0100
commit	8d5b01619b0518be59d661ed4780f6adeae38a38 (patch)
tree	b6a6dfb3a6520ff7f76710633f2d90395ab2ead6
parent	a7640618078b5e98356086644d4af110819c92c7 (diff)
download	NetworkManager-8d5b01619b0518be59d661ed4780f6adeae38a38.tar.gz