diff options
author | Beniamino Galvani <bgalvani@redhat.com> | 2018-11-02 10:54:26 +0100 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2018-11-20 15:15:57 +0100 |
commit | 8d5b01619b0518be59d661ed4780f6adeae38a38 (patch) | |
tree | b6a6dfb3a6520ff7f76710633f2d90395ab2ead6 | |
parent | a7640618078b5e98356086644d4af110819c92c7 (diff) | |
download | NetworkManager-8d5b01619b0518be59d661ed4780f6adeae38a38.tar.gz |
libnm-core: macsec: don't require a cak in verify()
CAK is a connection secret and can be NULL for various reasons
(agent-owned, no permissions to get secrets, etc.). verify() must not
require it.
Fixes: 474a0dbfbeeda7504d6599abe4adf0ddf18bab1e
-rw-r--r-- | libnm-core/nm-setting-macsec.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/libnm-core/nm-setting-macsec.c b/libnm-core/nm-setting-macsec.c index a9b1d550ad..9f60f945c1 100644 --- a/libnm-core/nm-setting-macsec.c +++ b/libnm-core/nm-setting-macsec.c @@ -245,6 +245,12 @@ verify_macsec_key (const char *key, gboolean cak, GError **error) { int req_len; + /* CAK is a connection secret and can be NULL for various + * reasons (agent-owned, no permissions to get secrets, etc.) + */ + if (cak && !key) + return TRUE; + if (!key || !key[0]) { g_set_error_literal (error, NM_CONNECTION_ERROR, |