fix(nm): remove unusable 802.1x password parameters #5097
Merged
Currently, we allow the user to set the CA cert and private key passwords in the snapshot via the following optional snapshot parameters (they are not exposed in the UI):

- `net.interface.%s.config.802-1x.private-key-password`: see here
- `net.interface.%s.config.802-1x.ca-cert-password`: see here

These are mapped to NetworkManager’s:

- `private-key-password`: The password used to decrypt the private key specified in the "private-key" property when the private key either uses the path scheme, or if the private key is a PKCS#12 format key.
- `ca-cert-password`: The password used to access the CA certificate stored in "ca-cert" property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.

This is wrong because, since we’re using the Kura Keystore to store the keys we:

Therefore these settings can’t be used.

In addition to that, to solve Issue-6767 "[NetworkManager][802.1x] Authentication keys are saved in cleartext on filesystem by NetworkManager" we need to use the `private-key-password` parameter and cannot allow the user to override this field.

Fortunately(!?) we didn’t document any of the 802.1x parameters in the docs.

After a discussion with @MMaiero we decided to remove any use of these parameters in our current codebase since they were optional and undocumented.