Commit a76f4d4b authored by Raphael Kubo da Costa's avatar Raphael Kubo da Costa
Browse files

openconnect: Make FSID passphrase + empty private key combination work.

It should be possible to usen FSID-protected key passphrase with a user
certificate and no private key.

This was not working as expected because we were always calling
openconnect_set_client_cert() with QByteArray::data(). The latter will pass
an empty string rather than nullptr if it is empty, which can be the case
for `key` if it is not set. This causes openconnect_set_client_cert() to use
that empty string rather than handle the null argument case, and we would be
unexpectedly prompted for a key password when trying to connect.

Avoid running into this by explicitly passing `nullptr` when we have an
empty `key`.

BUG: 443770
parent 755c2a78
Pipeline #88955 passed with stage
in 1 minute and 20 seconds
...@@ -195,7 +195,7 @@ void OpenconnectAuthWidget::readConfig() ...@@ -195,7 +195,7 @@ void OpenconnectAuthWidget::readConfig()
if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) { if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) {
const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]); const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]);
const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]); const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]);
openconnect_set_client_cert(d->vpninfo, OC3DUP(, OC3DUP(; openconnect_set_client_cert(d->vpninfo, OC3DUP(, OC3DUP(key.isEmpty() ? nullptr :;
if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") { if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") {
openconnect_passphrase_from_fsid(d->vpninfo); openconnect_passphrase_from_fsid(d->vpninfo);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment