summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorDan Williams <dcbw@redhat.com>2008-11-13 21:19:08 +0000
committerDan Williams <dcbw@redhat.com>2008-11-13 21:19:08 +0000
commite2f65ce12ae4fe2f2b0c537eaf59d6c8f8c8a002 (patch)
treed1ca74254c9c7bf8e8911480185aa59bf42b8b17 /ChangeLog
parente4ae149b37f2a25e3b4e6e545884d504921ea817 (diff)
downloadNetworkManager-e2f65ce12ae4fe2f2b0c537eaf59d6c8f8c8a002.tar.gz
2008-11-13 Dan Williams <dcbw@redhat.com>
Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog62
1 files changed, 62 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 063992f184..c84965318d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,65 @@
+2008-11-13 Dan Williams <dcbw@redhat.com>
+
+ Add support for PKCS#12 private keys (bgo #558982)
+
+ * libnm-util/crypto.c
+ libnm-util/crypto.h
+ - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to
+ take a GByteArray instead of a filename
+ - (file_to_g_byte_array): handle private key files too
+ - (decrypt_key): take a GByteArray rather than data + len
+ - (crypto_get_private_key_data): refactor crypto_get_private_key() into
+ one function that takes a filename, and one that takes raw data;
+ detect pkcs#12 files as well
+ - (crypto_load_and_verify_certificate): detect file type
+ - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection
+ functions
+
+ * libnm-util/crypto_gnutls.c
+ - (crypto_decrypt): take GByteArray rather than data + len; fix a bug
+ whereby tail padding was incorrectly handled, leading to erroneous
+ successes when trying to decrypt the data
+ - (crypto_verify_cert): rework somewhat
+ - (crypto_verify_pkcs12): validate pkcs#12 keys
+
+ * libnm-util/crypto_nss.c
+ - (crypto_init): enable various pkcs#12 ciphers
+ - (crypto_decrypt): take a GByteArray rather than data + len
+ - (crypto_verify_cert): clean up
+ - (crypto_verify_pkcs12): validate pkcs#12 keys
+
+ * libnm-util/test-crypto.c
+ - Handle pkcs#12 keys
+
+ * libnm-util/nm-setting-8021x.c
+ libnm-util/nm-setting-8021x.h
+ libnm-util/libnm-util.ver
+ - Add two new properties, 'private-key-password' and
+ 'phase2-private-key-password', to be used in conjunction with
+ pkcs#12 keys
+ - (nm_setting_802_1x_set_ca_cert_from_file,
+ nm_setting_802_1x_set_client_cert_from_file,
+ nm_setting_802_1x_set_phase2_ca_cert_from_file,
+ nm_setting_802_1x_set_phase2_client_from_file): return certificate
+ type
+ - (nm_setting_802_1x_get_private_key_password,
+ nm_setting_802_1x_get_phase2_private_key_password): return private
+ key passwords
+ - (nm_setting_802_1x_set_private_key_from_file,
+ nm_setting_802_1x_set_phase2_private_key_from_file): set the private
+ key from a file, and update the private key password at the same time
+ - (nm_setting_802_1x_get_private_key_type,
+ nm_setting_802_1x_get_phase2_private_key_type): return the private
+ key type
+
+ * src/supplicant-manager/nm-supplicant-settings-verify.c
+ - Whitelist private key passwords
+
+ * src/supplicant-manager/nm-supplicant-config.c
+ - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys,
+ add the private key password to the supplicant config, but do not
+ add the client certificate (as required by wpa_supplicant)
+
2008-11-12 Tambet Ingo <tambet@gmail.com>
* system-settings/plugins/keyfile/nm-keyfile-connection.c (copy_one_secret)