libnm/802-1x: check is-pkcs12 only for blob certificates in verify_tls()

If the certificate is not a blob, it makes no sense to call nm_crypto_is_pkcs12_data().
author: Thomas Haller <thaller@redhat.com> 2022-03-19 00:42:02 +0100
committer: Thomas Haller <thaller@redhat.com> 2022-03-29 11:52:38 +0200
commit: ee1467fcdba39733a96e265a4e630cc758bcce7a (patch)
tree: 5b12f0d5c18a3a5aa5abea8c66bea3ad6ce36165
parent: d3a6b9e7cc9a40ae2a0845639ccc77fce68f1d57 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/src/libnm-core-impl/nm-setting-8021x.c b/src/libnm-core-impl/nm-setting-8021x.c
index d720bf7a59..fa0a3057fe 100644
--- a/src/libnm-core-impl/nm-setting-8021x.c
+++ b/src/libnm-core-impl/nm-setting-8021x.c
@@ -2673,10 +2673,11 @@ verify_tls(NMSetting8021x *self, gboolean phase2, GError **error)
         return FALSE;
     }
 
-    /* If the private key is PKCS#12, check that it matches the client cert */
-    if (nm_crypto_is_pkcs12_data(g_bytes_get_data(private_key, NULL),
-                                 g_bytes_get_size(private_key),
-                                 NULL)) {
+    if (_nm_setting_802_1x_cert_get_scheme(private_key, NULL) == NM_SETTING_802_1X_CK_SCHEME_BLOB
+        && nm_crypto_is_pkcs12_data(g_bytes_get_data(private_key, NULL),
+                                    g_bytes_get_size(private_key),
+                                    NULL)) {
+        /* If the private key is PKCS#12, check that it matches the client cert */
         if (!g_bytes_equal(private_key, client_cert)) {
             g_set_error(error,
                         NM_CONNECTION_ERROR,
author	Thomas Haller <thaller@redhat.com>	2022-03-19 00:42:02 +0100
committer	Thomas Haller <thaller@redhat.com>	2022-03-29 11:52:38 +0200
commit	ee1467fcdba39733a96e265a4e630cc758bcce7a (patch)
tree	5b12f0d5c18a3a5aa5abea8c66bea3ad6ce36165
parent	d3a6b9e7cc9a40ae2a0845639ccc77fce68f1d57 (diff)