auth-dialog: assume encrypted key file if the file can't be read

For openvpn with TLS and password, get_passwords_required() checks if the key file is encrypted. If the key file can't be opened (e.g. because it's owned by root with permissions 0600), is_encrypted() returns FALSE. The user will not be asked for a certificate password in this case, making it impossible to connect, and be left clueless about the reason.

If the keyfile is not readable, print an error message and assume that the password is required. While the error message will only be observed by nmcli users, this will allow users with encrypted keys to activate their connection. Users with unencrypted keys can just enter anything into the 2nd password prompt and will still be able to connect. Such users might be confused, but this is better than not being able to connect at all.

Fixes https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1384
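The fallback described in the commit message, as an added example that is not the plugin's own code: an unreadable key file is reported and treated as needing a password, instead of being silently treated as unencrypted. The function names, the PEM markers checked and the sample path are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Scan an open PEM stream for the markers of a passphrase-protected key. */
bool stream_is_encrypted(FILE *fp)
{
    char line[256];
    while (fgets(line, sizeof line, fp)) {
        /* PKCS#8 encrypted header, or the traditional PEM Proc-Type header */
        if (strstr(line, "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            || strstr(line, "Proc-Type: 4,ENCRYPTED"))
            return true;
    }
    return false;
}

/* Hypothetical helper, not the plugin's is_encrypted(). */
bool key_password_required(const char *path)
{
    FILE *fp = fopen(path, "r");
    bool encrypted;
    if (!fp) {
        /* Unreadable (e.g. root-owned, mode 0600): say why, then prompt anyway. */
        fprintf(stderr, "cannot read key file '%s': %s; assuming encrypted\n",
                path, strerror(errno));
        return true;
    }
    encrypted = stream_is_encrypted(fp);
    fclose(fp);
    return encrypted;
}

/* Runs the scan over a constructed sample held in a temporary file. */
bool sample_is_encrypted(const char *pem)
{
    FILE *fp = tmpfile();
    bool encrypted;
    if (!fp || fputs(pem, fp) == EOF)
        abort();
    rewind(fp);
    encrypted = stream_is_encrypted(fp);
    fclose(fp);
    return encrypted;
}

int main(void)
{
    /* Constructed path that cannot be opened: the check answers "prompt". */
    return key_password_required("/nonexistent/constructed-key.pem") ? 0 : 1;
}
```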