diff options
author | Thomas Haller <thaller@redhat.com> | 2022-03-19 00:42:02 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-03-29 11:52:38 +0200 |
commit | ee1467fcdba39733a96e265a4e630cc758bcce7a (patch) | |
tree | 5b12f0d5c18a3a5aa5abea8c66bea3ad6ce36165 | |
parent | d3a6b9e7cc9a40ae2a0845639ccc77fce68f1d57 (diff) |
libnm/802-1x: check is-pkcs12 only for blob certificates in verify_tls()
If the certificate is not a blob, it makes no sense to call
nm_crypto_is_pkcs12_data().
-rw-r--r-- | src/libnm-core-impl/nm-setting-8021x.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/libnm-core-impl/nm-setting-8021x.c b/src/libnm-core-impl/nm-setting-8021x.c index d720bf7a59..fa0a3057fe 100644 --- a/src/libnm-core-impl/nm-setting-8021x.c +++ b/src/libnm-core-impl/nm-setting-8021x.c @@ -2673,10 +2673,11 @@ verify_tls(NMSetting8021x *self, gboolean phase2, GError **error) return FALSE; } - /* If the private key is PKCS#12, check that it matches the client cert */ - if (nm_crypto_is_pkcs12_data(g_bytes_get_data(private_key, NULL), - g_bytes_get_size(private_key), - NULL)) { + if (_nm_setting_802_1x_cert_get_scheme(private_key, NULL) == NM_SETTING_802_1X_CK_SCHEME_BLOB + && nm_crypto_is_pkcs12_data(g_bytes_get_data(private_key, NULL), + g_bytes_get_size(private_key), + NULL)) { + /* If the private key is PKCS#12, check that it matches the client cert */ if (!g_bytes_equal(private_key, client_cert)) { g_set_error(error, NM_CONNECTION_ERROR, |