Commit de0d4155 authored by Raphael Kubo da Costa's avatar Raphael Kubo da Costa Committed by Jan Grulich
Browse files

openconnect: Make FSID passphrase + empty private key combination work.

It should be possible to usen FSID-protected key passphrase with a user
certificate and no private key.

This was not working as expected because we were always calling
openconnect_set_client_cert() with QByteArray::data(). The latter will pass
an empty string rather than nullptr if it is empty, which can be the case
for `key` if it is not set. This causes openconnect_set_client_cert() to use
that empty string rather than handle the null argument case, and we would be
unexpectedly prompted for a key password when trying to connect.

Avoid running into this by explicitly passing `nullptr` when we have an
empty `key`.

BUG: 443770


(cherry picked from commit a76f4d4b)
parent 534e4ade
......@@ -195,7 +195,7 @@ void OpenconnectAuthWidget::readConfig()
if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) {
const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]);
const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]);
openconnect_set_client_cert(d->vpninfo, OC3DUP(crt.data()), OC3DUP(key.data()));
openconnect_set_client_cert(d->vpninfo, OC3DUP(crt.data()), OC3DUP(key.isEmpty() ? nullptr : key.data()));
if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") {
openconnect_passphrase_from_fsid(d->vpninfo);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment