libnm-util Reference Manual | ||||
---|---|---|---|---|
Top | Description | Object Hierarchy | Properties |
Synopsis
#include <nm-setting-8021x.h> enum NMSetting8021xCKFormat; enum NMSetting8021xCKScheme; #define NM_SETTING_802_1X_SETTING_NAME enum NMSetting8021xError; #define NM_TYPE_SETTING_802_1X_ERROR #define NM_SETTING_802_1X_ERROR GQuark nm_setting_802_1x_error_quark (void
); #define NM_SETTING_802_1X_EAP #define NM_SETTING_802_1X_IDENTITY #define NM_SETTING_802_1X_ANONYMOUS_IDENTITY #define NM_SETTING_802_1X_CA_CERT #define NM_SETTING_802_1X_CA_PATH #define NM_SETTING_802_1X_SUBJECT_MATCH #define NM_SETTING_802_1X_ALTSUBJECT_MATCHES #define NM_SETTING_802_1X_CLIENT_CERT #define NM_SETTING_802_1X_PHASE1_PEAPVER #define NM_SETTING_802_1X_PHASE1_PEAPLABEL #define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING #define NM_SETTING_802_1X_PHASE2_AUTH #define NM_SETTING_802_1X_PHASE2_AUTHEAP #define NM_SETTING_802_1X_PHASE2_CA_CERT #define NM_SETTING_802_1X_PHASE2_CA_PATH #define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH #define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES #define NM_SETTING_802_1X_PHASE2_CLIENT_CERT #define NM_SETTING_802_1X_PASSWORD #define NM_SETTING_802_1X_PRIVATE_KEY #define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD #define NM_SETTING_802_1X_PIN #define NM_SETTING_802_1X_PSK #define NM_SETTING_802_1X_SYSTEM_CA_CERTS NMSetting8021x; NMSetting8021xClass; GType nm_setting_802_1x_get_type (void
); NMSetting * nm_setting_802_1x_new (void
); guint32 nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_eap_method (NMSetting8021x *setting
,guint32 i
); gboolean nm_setting_802_1x_add_eap_method (NMSetting8021x *setting
,const char *eap
); void nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting
,guint32 i
); void nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_identity (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_anonymous_identity (NMSetting8021x *setting
); gboolean nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_ca_path (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting
); NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme (NMSetting8021x *setting
); const GByteArray * nm_setting_802_1x_get_ca_cert_blob (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting
,const char *value
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
); const char * nm_setting_802_1x_get_subject_match (NMSetting8021x *setting
); guint32 nm_setting_802_1x_get_num_altsubject_matches (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_altsubject_match (NMSetting8021x *setting
,guint32 i
); gboolean nm_setting_802_1x_add_altsubject_match (NMSetting8021x *setting
,const char *altsubject_match
); void nm_setting_802_1x_remove_altsubject_match (NMSetting8021x *setting
,guint32 i
); void nm_setting_802_1x_clear_altsubject_matches (NMSetting8021x *setting
); NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme (NMSetting8021x *setting
); const GByteArray * nm_setting_802_1x_get_client_cert_blob (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_client_cert_path (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_client_cert (NMSetting8021x *setting
,const char *value
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
); const char * nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_phase1_peaplabel (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_phase1_fast_provisioning (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting
); NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_ca_cert_scheme (NMSetting8021x *setting
); const GByteArray * nm_setting_802_1x_get_phase2_ca_cert_blob (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_phase2_ca_cert_path (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *setting
,const char *value
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
); const char * nm_setting_802_1x_get_phase2_subject_match (NMSetting8021x *setting
); guint32 nm_setting_802_1x_get_num_phase2_altsubject_matches (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_phase2_altsubject_match (NMSetting8021x *setting
,guint32 i
); gboolean nm_setting_802_1x_add_phase2_altsubject_match (NMSetting8021x *setting
,const char *phase2_altsubject_match
); void nm_setting_802_1x_remove_phase2_altsubject_match (NMSetting8021x *setting
,guint32 i
); void nm_setting_802_1x_clear_phase2_altsubject_matches (NMSetting8021x *setting
); NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme (NMSetting8021x *setting
); const GByteArray * nm_setting_802_1x_get_phase2_client_cert_blob (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_phase2_client_cert_path (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *setting
,const char *value
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
); const char * nm_setting_802_1x_get_password (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_pin (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_psk (NMSetting8021x *setting
); NMSetting8021xCKScheme nm_setting_802_1x_get_private_key_scheme (NMSetting8021x *setting
); const GByteArray * nm_setting_802_1x_get_private_key_blob (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_private_key_path (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_private_key (NMSetting8021x *setting
,const char *value
,const char *password
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
); const char * nm_setting_802_1x_get_private_key_password (NMSetting8021x *setting
); NMSetting8021xCKFormat nm_setting_802_1x_get_private_key_format (NMSetting8021x *setting
); NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_private_key_scheme (NMSetting8021x *setting
); const GByteArray * nm_setting_802_1x_get_phase2_private_key_blob (NMSetting8021x *setting
); const char * nm_setting_802_1x_get_phase2_private_key_path (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *setting
,const char *value
,const char *password
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
); const char * nm_setting_802_1x_get_phase2_private_key_password (NMSetting8021x *setting
); NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting
); enum NMSetting8021xCKType; const GByteArray * nm_setting_802_1x_get_ca_cert (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *setting
,const char *filename
,NMSetting8021xCKType *out_ck_type
,GError **error
); const GByteArray * nm_setting_802_1x_get_client_cert (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_client_cert_from_file (NMSetting8021x *setting
,const char *filename
,NMSetting8021xCKType *out_ck_type
,GError **error
); const GByteArray * nm_setting_802_1x_get_phase2_ca_cert (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8021x *setting
,const char *filename
,NMSetting8021xCKType *out_ck_type
,GError **error
); const GByteArray * nm_setting_802_1x_get_phase2_client_cert (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *setting
,const char *filename
,NMSetting8021xCKType *out_ck_type
,GError **error
); const GByteArray * nm_setting_802_1x_get_private_key (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_private_key_from_file (NMSetting8021x *setting
,const char *filename
,const char *password
,NMSetting8021xCKType *out_ck_type
,GError **error
); NMSetting8021xCKType nm_setting_802_1x_get_private_key_type (NMSetting8021x *setting
); const GByteArray * nm_setting_802_1x_get_phase2_private_key (NMSetting8021x *setting
); gboolean nm_setting_802_1x_set_phase2_private_key_from_file (NMSetting8021x *setting
,const char *filename
,const char *password
,NMSetting8021xCKType *out_ck_type
,GError **error
); NMSetting8021xCKType nm_setting_802_1x_get_phase2_private_key_type (NMSetting8021x *setting
);
Properties
"altsubject-matches" GSList_gchararray_* : Read / Write "anonymous-identity" gchar* : Read / Write "ca-cert" GArray_guchar_* : Read / Write "ca-path" gchar* : Read / Write "client-cert" GArray_guchar_* : Read / Write "eap" GSList_gchararray_* : Read / Write "identity" gchar* : Read / Write "password" gchar* : Read / Write "phase1-fast-provisioning" gchar* : Read / Write "phase1-peaplabel" gchar* : Read / Write "phase1-peapver" gchar* : Read / Write "phase2-altsubject-matches" GSList_gchararray_* : Read / Write "phase2-auth" gchar* : Read / Write "phase2-autheap" gchar* : Read / Write "phase2-ca-cert" GArray_guchar_* : Read / Write "phase2-ca-path" gchar* : Read / Write "phase2-client-cert" GArray_guchar_* : Read / Write "phase2-private-key" GArray_guchar_* : Read / Write "phase2-private-key-password" gchar* : Read / Write "phase2-subject-match" gchar* : Read / Write "private-key" GArray_guchar_* : Read / Write "private-key-password" gchar* : Read / Write "subject-match" gchar* : Read / Write "system-ca-certs" gboolean : Read / Write / Construct
Description
The NMSetting8021x object is a NMSetting subclass that describes properties necessary for connection to 802.1x-authenticated networks, such as WPA and WPA2 Enterprise WiFi networks and wired 802.1x networks. 802.1x connections typically use certificates and/or EAP authentication methods to securely verify, identify, and authenticate the client to the network itself, instead of simply relying on a widely shared static key.
It's a good idea to read up on wpa_supplicant configuration before using this setting extensively, since most of the options here correspond closely with the relevant wpa_supplicant configuration options.
Furthermore, to get a good idea of 802.1x, EAP, TLS, TTLS, etc and their applications to WiFi and wired networks, you'll want to get copies of the following books.
802.11 Wireless Networks: The Definitive Guide, Second Edition Author: Matthew Gast ISBN: 978-0596100520
Cisco Wireless LAN Security Authors: Krishna Sankar, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky ISBN: 978-1587051548
Details
enum NMSetting8021xCKFormat
typedef enum { NM_SETTING_802_1X_CK_FORMAT_UNKNOWN = 0, NM_SETTING_802_1X_CK_FORMAT_X509, NM_SETTING_802_1X_CK_FORMAT_RAW_KEY, NM_SETTING_802_1X_CK_FORMAT_PKCS12 } NMSetting8021xCKFormat;
enum NMSetting8021xCKScheme
typedef enum { NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0, NM_SETTING_802_1X_CK_SCHEME_BLOB, NM_SETTING_802_1X_CK_SCHEME_PATH } NMSetting8021xCKScheme;
enum NMSetting8021xError
typedef enum { NM_SETTING_802_1X_ERROR_UNKNOWN = 0, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_MISSING_PROPERTY } NMSetting8021xError;
NM_TYPE_SETTING_802_1X_ERROR
#define NM_TYPE_SETTING_802_1X_ERROR (nm_setting_802_1x_error_get_type ())
nm_setting_802_1x_error_quark ()
GQuark nm_setting_802_1x_error_quark (void
);
Registers an error quark for NMSetting8021x if necessary.
Returns : |
the error quark used for NMSetting8021x errors. |
NM_SETTING_802_1X_ANONYMOUS_IDENTITY
#define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
NM_SETTING_802_1X_ALTSUBJECT_MATCHES
#define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING
#define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING "phase1-fast-provisioning"
NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH
#define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES
#define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
NM_SETTING_802_1X_PHASE2_CLIENT_CERT
#define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"
NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD "private-key-password"
NM_SETTING_802_1X_PHASE2_PRIVATE_KEY
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY "phase2-private-key"
NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
NMSetting8021xClass
typedef struct { NMSettingClass parent; /* Padding for future expansion */ void (*_reserved1) (void); void (*_reserved2) (void); void (*_reserved3) (void); void (*_reserved4) (void); } NMSetting8021xClass;
nm_setting_802_1x_new ()
NMSetting * nm_setting_802_1x_new (void
);
Creates a new NMSetting8021x object with default values.
Returns : |
the new empty NMSetting8021x object |
nm_setting_802_1x_get_num_eap_methods ()
guint32 nm_setting_802_1x_get_num_eap_methods
(NMSetting8021x *setting
);
Returns the number of eap methods allowed for use when connecting to the
network. Generally only one EAP method is used. Use the functions
nm_setting_802_1x_get_eap_method()
, nm_setting_802_1x_add_eap_method()
,
and nm_setting_802_1x_remove_eap_method()
for adding, removing, and retrieving
allowed EAP methods.
|
the NMSetting8021x |
Returns : |
the number of allowed EAP methods |
nm_setting_802_1x_get_eap_method ()
const char * nm_setting_802_1x_get_eap_method (NMSetting8021x *setting
,guint32 i
);
Returns the name of the allowed EAP method at index i
.
|
the NMSetting8021x |
|
the index of the EAP method name to return |
Returns : |
the name of the allowed EAP method at index i
|
nm_setting_802_1x_add_eap_method ()
gboolean nm_setting_802_1x_add_eap_method (NMSetting8021x *setting
,const char *eap
);
Adds an allowed EAP method. The setting is not valid until at least one EAP method has been added. See "eap" property for a list of allowed EAP methods.
|
the NMSetting8021x |
|
the name of the EAP method to allow for this connection |
Returns : |
TRUE if the EAP method was successfully added, FALSE if it was not a valid method or if it was already allowed. |
nm_setting_802_1x_remove_eap_method ()
void nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting
,guint32 i
);
Removes the allowed EAP method at the specified index.
|
the NMSetting8021x |
|
the index of the EAP method to remove |
nm_setting_802_1x_clear_eap_methods ()
void nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting
);
Clears all allowed EAP methods.
|
the NMSetting8021x |
nm_setting_802_1x_get_identity ()
const char * nm_setting_802_1x_get_identity (NMSetting8021x *setting
);
Returns the identifier used by some EAP methods (like TLS) to authenticate the user. Often this is a username or login name.
|
the NMSetting8021x |
Returns : |
the user identifier |
nm_setting_802_1x_get_anonymous_identity ()
const char * nm_setting_802_1x_get_anonymous_identity
(NMSetting8021x *setting
);
Returns the anonymous identifier used by some EAP methods (like TTLS) to authenticate the user in the outer unencrypted "phase 1" authentication. The inner "phase 2" authentication will use the "identity" in a secure form, if applicable for that EAP method.
|
the NMSetting8021x |
Returns : |
the anonymous identifier |
nm_setting_802_1x_get_system_ca_certs ()
gboolean nm_setting_802_1x_get_system_ca_certs
(NMSetting8021x *setting
);
Sets the "system-ca-certs" property. The "ca-path" and "phase2-ca-path" properties are ignored if the "system-ca-certs" property is TRUE, in which case a system-wide CA certificate directory specified at compile time (using the --system-ca-path configure option) is used in place of these properties.
|
the NMSetting8021x |
Returns : |
TRUE if a system CA certificate path should be used, FALSE if not |
nm_setting_802_1x_get_ca_path ()
const char * nm_setting_802_1x_get_ca_path (NMSetting8021x *setting
);
Returns the path of the CA certificate directory if previously set. Systems will often have a directory that contains multiple individual CA certificates which the supplicant can then add to the verification chain. This may be used in addition to the "ca-cert" property to add more CA certificates for verifying the network to client.
|
the NMSetting8021x |
Returns : |
the CA certificate directory path |
nm_setting_802_1x_get_phase2_ca_path ()
const char * nm_setting_802_1x_get_phase2_ca_path
(NMSetting8021x *setting
);
Returns the path of the "phase 2" CA certificate directory if previously set. Systems will often have a directory that contains multiple individual CA certificates which the supplicant can then add to the verification chain. This may be used in addition to the "phase2-ca-cert" property to add more CA certificates for verifying the network to client.
|
the NMSetting8021x |
Returns : |
the "phase 2" CA certificate directory path |
nm_setting_802_1x_get_ca_cert_scheme ()
NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme
(NMSetting8021x *setting
);
Returns the scheme used to store the CA certificate. If the returned scheme
is NM_SETTING_802_1X_CK_SCHEME_BLOB
, use nm_setting_802_1x_get_ca_cert_blob()
;
if NM_SETTING_802_1X_CK_SCHEME_PATH
, use nm_setting_802_1x_get_ca_cert_path()
.
|
the NMSetting8021x |
Returns : |
scheme used to store the CA certificate (blob or path) |
nm_setting_802_1x_get_ca_cert_blob ()
const GByteArray * nm_setting_802_1x_get_ca_cert_blob (NMSetting8021x *setting
);
Returns the CA certificate blob if the CA certificate is stored using the
NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme. Not all EAP methods use a
CA certificate (LEAP for example), and those that can take advantage of the
CA certificate allow it to be unset. Note that lack of a CA certificate
reduces security by allowing man-in-the-middle attacks, because the identity
of the network cannot be confirmed by the client.
|
the NMSetting8021x |
Returns : |
the CA certificate data |
nm_setting_802_1x_get_ca_cert_path ()
const char * nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting
);
Returns the CA certificate path if the CA certificate is stored using the
NM_SETTING_802_1X_CK_SCHEME_PATH
scheme. Not all EAP methods use a
CA certificate (LEAP for example), and those that can take advantage of the
CA certificate allow it to be unset. Note that lack of a CA certificate
reduces security by allowing man-in-the-middle attacks, because the identity
of the network cannot be confirmed by the client.
|
the NMSetting8021x |
Returns : |
path to the CA certificate file |
nm_setting_802_1x_set_ca_cert ()
gboolean nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting
,const char *value
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
);
Reads a certificate from disk and sets the "ca-cert" property
with the raw certificate data if using the NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme, or with the path to the certificate file if using the
NM_SETTING_802_1X_CK_SCHEME_PATH
scheme.
|
the NMSetting8021x |
|
when scheme is set to either NM_SETTING_802_1X_CK_SCHEME_PATH or
NM_SETTING_802_1X_CK_SCHEME_BLOB , pass the path of the CA certificate file
(PEM or DER format). The path must be UTF-8 encoded; use
g_filename_to_utf8() to convert if needed. Passing NULL with any scheme
clears the CA certificate.
|
|
desired storage scheme for the certificate |
|
on successful return, the type of the certificate added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_subject_match ()
const char * nm_setting_802_1x_get_subject_match (NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the "subject-match" property. This is the substring to be matched against the subject of the authentication server certificate, or NULL no subject verification is to be performed. |
nm_setting_802_1x_get_num_altsubject_matches ()
guint32 nm_setting_802_1x_get_num_altsubject_matches
(NMSetting8021x *setting
);
Returns the number of entries in the "altsubject-matches" property of this setting.
|
the NMSetting8021x |
Returns : |
the number of altsubject-matches entries. |
nm_setting_802_1x_get_altsubject_match ()
const char * nm_setting_802_1x_get_altsubject_match (NMSetting8021x *setting
,guint32 i
);
Returns the altSubjectName match at index i
.
|
the NMSettingConnection |
|
the zero-based index of the array of altSubjectName matches |
Returns : |
the altSubjectName match at index i
|
nm_setting_802_1x_add_altsubject_match ()
gboolean nm_setting_802_1x_add_altsubject_match (NMSetting8021x *setting
,const char *altsubject_match
);
Adds an allowed alternate subject name match. Until at least one match is added, the altSubjectName of the remote authentication server is not verified.
|
the NMSetting8021x |
|
the altSubjectName to allow for this connection |
Returns : |
TRUE if the alternative subject name match was successfully added, FALSE if it was already allowed. |
nm_setting_802_1x_remove_altsubject_match ()
void nm_setting_802_1x_remove_altsubject_match (NMSetting8021x *setting
,guint32 i
);
Removes the allowed altSubjectName at the specified index.
|
the NMSetting8021x |
|
the index of the altSubjectName match to remove |
nm_setting_802_1x_clear_altsubject_matches ()
void nm_setting_802_1x_clear_altsubject_matches
(NMSetting8021x *setting
);
Clears all altSubjectName matches.
|
the NMSetting8021x |
nm_setting_802_1x_get_client_cert_scheme ()
NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme
(NMSetting8021x *setting
);
Returns the scheme used to store the client certificate. If the returned scheme
is NM_SETTING_802_1X_CK_SCHEME_BLOB
, use nm_setting_802_1x_get_client_cert_blob()
;
if NM_SETTING_802_1X_CK_SCHEME_PATH
, use nm_setting_802_1x_get_client_cert_path()
.
|
the NMSetting8021x |
Returns : |
scheme used to store the client certificate (blob or path) |
nm_setting_802_1x_get_client_cert_blob ()
const GByteArray * nm_setting_802_1x_get_client_cert_blob
(NMSetting8021x *setting
);
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
the client certificate data |
nm_setting_802_1x_get_client_cert_path ()
const char * nm_setting_802_1x_get_client_cert_path
(NMSetting8021x *setting
);
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
path to the client certificate file |
nm_setting_802_1x_set_client_cert ()
gboolean nm_setting_802_1x_set_client_cert (NMSetting8021x *setting
,const char *value
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
);
Reads a certificate from disk and sets the "client-cert"
property with the raw certificate data if using the
NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme, or with the path to the certificate
file if using the NM_SETTING_802_1X_CK_SCHEME_PATH
scheme.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
|
when scheme is set to either NM_SETTING_802_1X_CK_SCHEME_PATH or
NM_SETTING_802_1X_CK_SCHEME_BLOB , pass the path of the client certificate
file (PEM, DER, or PKCS12 format). The path must be UTF-8 encoded; use
g_filename_to_utf8() to convert if needed. Passing NULL with any scheme
clears the client certificate.
|
|
desired storage scheme for the certificate |
|
on successful return, the type of the certificate added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_phase1_peapver ()
const char * nm_setting_802_1x_get_phase1_peapver
(NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the "phase 1" PEAP version to be used when authenticating with EAP-PEAP as contained in the "phase1-peapver" property. Valid values are NULL (unset), "0" (PEAP version 0), and "1" (PEAP version 1). |
nm_setting_802_1x_get_phase1_peaplabel ()
const char * nm_setting_802_1x_get_phase1_peaplabel
(NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
whether the "phase 1" PEAP label is new-style or old-style, to be used when authenticating with EAP-PEAP, as contained in the "phase1-peaplabel" property. Valid values are NULL (unset), "0" (use old-style label), and "1" (use new-style label). See the wpa_supplicant documentation for more details. |
nm_setting_802_1x_get_phase1_fast_provisioning ()
const char * nm_setting_802_1x_get_phase1_fast_provisioning
(NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
whether "phase 1" PEAP fast provisioning should be used, as specified by the "phase1-fast-provisioning" property. See the wpa_supplicant documentation for more details. |
nm_setting_802_1x_get_phase2_auth ()
const char * nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the "phase 2" non-EAP (ex MD5) allowed authentication method as specified by the "phase2-auth" property. |
nm_setting_802_1x_get_phase2_autheap ()
const char * nm_setting_802_1x_get_phase2_autheap
(NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the "phase 2" EAP-based (ex TLS) allowed authentication method as specified by the "phase2-autheap" property. |
nm_setting_802_1x_get_phase2_ca_cert_scheme ()
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_ca_cert_scheme
(NMSetting8021x *setting
);
Returns the scheme used to store the "phase 2" CA certificate. If the
returned scheme is NM_SETTING_802_1X_CK_SCHEME_BLOB
, use
nm_setting_802_1x_get_ca_cert_blob()
; if NM_SETTING_802_1X_CK_SCHEME_PATH
,
use nm_setting_802_1x_get_ca_cert_path()
.
|
the NMSetting8021x |
Returns : |
scheme used to store the "phase 2" CA certificate (blob or path) |
nm_setting_802_1x_get_phase2_ca_cert_blob ()
const GByteArray * nm_setting_802_1x_get_phase2_ca_cert_blob
(NMSetting8021x *setting
);
Returns the "phase 2" CA certificate blob if the CA certificate is stored
using the NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme. Not all EAP methods use
a CA certificate (LEAP for example), and those that can take advantage of the
CA certificate allow it to be unset. Note that lack of a CA certificate
reduces security by allowing man-in-the-middle attacks, because the identity
of the network cannot be confirmed by the client.
|
the NMSetting8021x |
Returns : |
the "phase 2" CA certificate data |
nm_setting_802_1x_get_phase2_ca_cert_path ()
const char * nm_setting_802_1x_get_phase2_ca_cert_path
(NMSetting8021x *setting
);
Returns the "phase 2" CA certificate path if the CA certificate is stored
using the NM_SETTING_802_1X_CK_SCHEME_PATH
scheme. Not all EAP methods use
a CA certificate (LEAP for example), and those that can take advantage of the
CA certificate allow it to be unset. Note that lack of a CA certificate
reduces security by allowing man-in-the-middle attacks, because the identity
of the network cannot be confirmed by the client.
|
the NMSetting8021x |
Returns : |
path to the "phase 2" CA certificate file |
nm_setting_802_1x_set_phase2_ca_cert ()
gboolean nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *setting
,const char *value
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
);
Reads a certificate from disk and sets the "phase2-ca-cert"
property with the raw certificate data if using the
NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme, or with the path to the certificate
file if using the NM_SETTING_802_1X_CK_SCHEME_PATH
scheme.
|
the NMSetting8021x |
|
when scheme is set to either NM_SETTING_802_1X_CK_SCHEME_PATH or
NM_SETTING_802_1X_CK_SCHEME_BLOB , pass the path of the "phase2" CA
certificate file (PEM or DER format). The path must be UTF-8 encoded; use
g_filename_to_utf8() to convert if needed. Passing NULL with any scheme
clears the "phase2" CA certificate.
|
|
desired storage scheme for the certificate |
|
on successful return, the type of the certificate added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_phase2_subject_match ()
const char * nm_setting_802_1x_get_phase2_subject_match
(NMSetting8021x *setting
);
|
|
Returns : |
nm_setting_802_1x_get_num_phase2_altsubject_matches ()
guint32 nm_setting_802_1x_get_num_phase2_altsubject_matches
(NMSetting8021x *setting
);
Returns the number of entries in the "phase2-altsubject-matches" property of this setting.
|
the NMSetting8021x |
Returns : |
the number of phase2-altsubject-matches entries. |
nm_setting_802_1x_get_phase2_altsubject_match ()
const char * nm_setting_802_1x_get_phase2_altsubject_match (NMSetting8021x *setting
,guint32 i
);
Returns the "phase 2" altSubjectName match at index i
.
|
the NMSettingConnection |
|
the zero-based index of the array of "phase 2" altSubjectName matches |
Returns : |
the "phase 2" altSubjectName match at index i
|
nm_setting_802_1x_add_phase2_altsubject_match ()
gboolean nm_setting_802_1x_add_phase2_altsubject_match (NMSetting8021x *setting
,const char *phase2_altsubject_match
);
Adds an allowed alternate subject name match for "phase 2". Until at least one match is added, the altSubjectName of the "phase 2" remote authentication server is not verified.
|
the NMSetting8021x |
|
the "phase 2" altSubjectName to allow for this connection |
Returns : |
TRUE if the "phase 2" alternative subject name match was successfully added, FALSE if it was already allowed. |
nm_setting_802_1x_remove_phase2_altsubject_match ()
void nm_setting_802_1x_remove_phase2_altsubject_match (NMSetting8021x *setting
,guint32 i
);
Removes the allowed "phase 2" altSubjectName at the specified index.
|
the NMSetting8021x |
|
the index of the "phase 2" altSubjectName match to remove |
nm_setting_802_1x_clear_phase2_altsubject_matches ()
void nm_setting_802_1x_clear_phase2_altsubject_matches
(NMSetting8021x *setting
);
Clears all "phase 2" altSubjectName matches.
|
the NMSetting8021x |
nm_setting_802_1x_get_phase2_client_cert_scheme ()
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme
(NMSetting8021x *setting
);
Returns the scheme used to store the "phase 2" client certificate. If the
returned scheme is NM_SETTING_802_1X_CK_SCHEME_BLOB
, use
nm_setting_802_1x_get_client_cert_blob()
; if
NM_SETTING_802_1X_CK_SCHEME_PATH
, use
nm_setting_802_1x_get_client_cert_path()
.
|
the NMSetting8021x |
Returns : |
scheme used to store the "phase 2" client certificate (blob or path) |
nm_setting_802_1x_get_phase2_client_cert_blob ()
const GByteArray * nm_setting_802_1x_get_phase2_client_cert_blob
(NMSetting8021x *setting
);
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
the "phase 2" client certificate data |
nm_setting_802_1x_get_phase2_client_cert_path ()
const char * nm_setting_802_1x_get_phase2_client_cert_path
(NMSetting8021x *setting
);
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
path to the "phase 2" client certificate file |
nm_setting_802_1x_set_phase2_client_cert ()
gboolean nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *setting
,const char *value
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
);
Reads a certificate from disk and sets the "phase2-client-cert"
property with the raw certificate data if using the
NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme, or with the path to the certificate
file if using the NM_SETTING_802_1X_CK_SCHEME_PATH
scheme.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
|
when scheme is set to either NM_SETTING_802_1X_CK_SCHEME_PATH or
NM_SETTING_802_1X_CK_SCHEME_BLOB , pass the path of the "phase2" client
certificate file (PEM, DER, or PKCS12 format). The path must be UTF-8
encoded; use g_filename_to_utf8() to convert if needed. Passing NULL with
any scheme clears the "phase2" client certificate.
|
|
desired storage scheme for the certificate |
|
on successful return, the type of the certificate added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_password ()
const char * nm_setting_802_1x_get_password (NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the password used by the authentication method, if any, as specified by the "password" property |
nm_setting_802_1x_get_pin ()
const char * nm_setting_802_1x_get_pin (NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the PIN used by the authentication method, if any, as specified by the "pin" property |
nm_setting_802_1x_get_psk ()
const char * nm_setting_802_1x_get_psk (NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the Pre-Shared-Key used by the authentication method, if any, as specified by the "psk" property |
nm_setting_802_1x_get_private_key_scheme ()
NMSetting8021xCKScheme nm_setting_802_1x_get_private_key_scheme
(NMSetting8021x *setting
);
Returns the scheme used to store the private key. If the returned scheme is
NM_SETTING_802_1X_CK_SCHEME_BLOB
, use
nm_setting_802_1x_get_client_cert_blob()
; if
NM_SETTING_802_1X_CK_SCHEME_PATH
, use
nm_setting_802_1x_get_client_cert_path()
.
|
the NMSetting8021x |
Returns : |
scheme used to store the private key (blob or path) |
nm_setting_802_1x_get_private_key_blob ()
const GByteArray * nm_setting_802_1x_get_private_key_blob
(NMSetting8021x *setting
);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
the private key data |
nm_setting_802_1x_get_private_key_path ()
const char * nm_setting_802_1x_get_private_key_path
(NMSetting8021x *setting
);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
path to the private key file |
nm_setting_802_1x_set_private_key ()
gboolean nm_setting_802_1x_set_private_key (NMSetting8021x *setting
,const char *value
,const char *password
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
);
Reads a private key from disk and sets the "private-key"
property with the raw private key data if using the
NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme, or with the path to the private key
file if using the NM_SETTING_802_1X_CK_SCHEME_PATH
scheme.
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
|
when scheme is set to either NM_SETTING_802_1X_CK_SCHEME_PATH or
NM_SETTING_802_1X_CK_SCHEME_BLOB , pass the path of the private key file
(PEM, DER, or PKCS12 format). The path must be UTF-8 encoded; use
g_filename_to_utf8() to convert if needed. Passing NULL with any scheme
clears the private key.
|
|
password used to decrypt the private key |
|
desired storage scheme for the private key |
|
on successful return, the type of the private key added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_private_key_password ()
const char * nm_setting_802_1x_get_private_key_password
(NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the private key password used to decrypt the private key if
previously set with nm_setting_802_1x_set_private_key_from_file() ,
nm_setting_802_1x_set_private_key() , or the
"private-key-password" property.
|
nm_setting_802_1x_get_private_key_format ()
NMSetting8021xCKFormat nm_setting_802_1x_get_private_key_format
(NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the data format of the private key data stored in the "private-key" property |
nm_setting_802_1x_get_phase2_private_key_scheme ()
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_private_key_scheme
(NMSetting8021x *setting
);
Returns the scheme used to store the "phase 2" private key. If the returned
scheme is NM_SETTING_802_1X_CK_SCHEME_BLOB
, use
nm_setting_802_1x_get_client_cert_blob()
; if
NM_SETTING_802_1X_CK_SCHEME_PATH
, use
nm_setting_802_1x_get_client_cert_path()
.
|
the NMSetting8021x |
Returns : |
scheme used to store the "phase 2" private key (blob or path) |
nm_setting_802_1x_get_phase2_private_key_blob ()
const GByteArray * nm_setting_802_1x_get_phase2_private_key_blob
(NMSetting8021x *setting
);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
the "phase 2" private key data |
nm_setting_802_1x_get_phase2_private_key_path ()
const char * nm_setting_802_1x_get_phase2_private_key_path
(NMSetting8021x *setting
);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
path to the "phase 2" private key file |
nm_setting_802_1x_set_phase2_private_key ()
gboolean nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *setting
,const char *value
,const char *password
,NMSetting8021xCKScheme scheme
,NMSetting8021xCKFormat *out_format
,GError **error
);
Reads a "phase 2" private key from disk and sets the
"phase2-private-key" property with the raw private key data if
using the NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme, or with the path to the
private key file if using the NM_SETTING_802_1X_CK_SCHEME_PATH
scheme.
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
|
when scheme is set to either NM_SETTING_802_1X_CK_SCHEME_PATH or
NM_SETTING_802_1X_CK_SCHEME_BLOB , pass the path of the "phase2" private
key file (PEM, DER, or PKCS12 format). The path must be UTF-8 encoded;
use g_filename_to_utf8() to convert if needed. Passing NULL with any
scheme clears the "phase2" private key.
|
|
password used to decrypt the private key |
|
desired storage scheme for the private key |
|
on successful return, the type of the private key added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_phase2_private_key_password ()
const char * nm_setting_802_1x_get_phase2_private_key_password
(NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the private key password used to decrypt the private key if
previously set with nm_setting_802_1x_set_phase2_private_key_from_file() ,
nm_setting_802_1x_set_phase2_private_key() , or the
"phase2-private-key-password" property.
|
nm_setting_802_1x_get_phase2_private_key_format ()
NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format
(NMSetting8021x *setting
);
|
the NMSetting8021x |
Returns : |
the data format of the "phase 2" private key data stored in the "phase2-private-key" property |
enum NMSetting8021xCKType
typedef enum { NM_SETTING_802_1X_CK_TYPE_UNKNOWN = 0, NM_SETTING_802_1X_CK_TYPE_X509, NM_SETTING_802_1X_CK_TYPE_RAW_KEY, NM_SETTING_802_1X_CK_TYPE_PKCS12 } NMSetting8021xCKType;
nm_setting_802_1x_get_ca_cert ()
const GByteArray * nm_setting_802_1x_get_ca_cert (NMSetting8021x *setting
);
Warning
nm_setting_802_1x_get_ca_cert
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_get_ca_cert_blob()
.
Returns the CA certificate blob if the CA certificate is stored using the
NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme. Not all EAP methods use a
CA certificate (LEAP for example), and those that can take advantage of the
CA certificate allow it to be unset. Note that lack of a CA certificate
reduces security by allowing man-in-the-middle attacks, because the identity
of the network cannot be confirmed by the client.
|
the NMSetting8021x |
Returns : |
the CA certificate data |
nm_setting_802_1x_set_ca_cert_from_file ()
gboolean nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *setting
,const char *filename
,NMSetting8021xCKType *out_ck_type
,GError **error
);
Warning
nm_setting_802_1x_set_ca_cert_from_file
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_set_ca_cert()
with the
NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme.
Reads a certificate from disk and sets the "ca-cert" property
with the raw certificate data using the NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme.
|
the NMSetting8021x |
|
the path of the CA certificate file (PEM or DER format). Passing NULL clears the CA certificate. |
|
on successful return, the type of the certificate added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_client_cert ()
const GByteArray * nm_setting_802_1x_get_client_cert (NMSetting8021x *setting
);
Warning
nm_setting_802_1x_get_client_cert
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_get_client_cert_blob()
.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
the client certificate data |
nm_setting_802_1x_set_client_cert_from_file ()
gboolean nm_setting_802_1x_set_client_cert_from_file (NMSetting8021x *setting
,const char *filename
,NMSetting8021xCKType *out_ck_type
,GError **error
);
Warning
nm_setting_802_1x_set_client_cert_from_file
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_set_client_cert()
with the
NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme.
Reads a certificate from disk and sets the "client-cert" property with the raw certificate data.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
|
the path of the client certificate file (PEM, DER, or PKCS12 format). Passing NULL clears the client certificate. |
|
on successful return, the type of the certificate added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_phase2_ca_cert ()
const GByteArray * nm_setting_802_1x_get_phase2_ca_cert
(NMSetting8021x *setting
);
Warning
nm_setting_802_1x_get_phase2_ca_cert
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_get_phase2_ca_cert_blob()
.
Returns the "phase 2" CA certificate blob. Not all EAP methods use a CA certificate (LEAP for example), and those that can take advantage of the CA certificate allow it to be unset. Note that lack of a CA certificate reduces security by allowing man-in-the-middle attacks, because the identity of the network cannot be confirmed by the client.
|
the NMSetting8021x |
Returns : |
the "phase 2" CA certificate data |
nm_setting_802_1x_set_phase2_ca_cert_from_file ()
gboolean nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8021x *setting
,const char *filename
,NMSetting8021xCKType *out_ck_type
,GError **error
);
Warning
nm_setting_802_1x_set_phase2_ca_cert_from_file
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_set_phase2_ca_cert()
.
with the NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme.
Reads a certificate from disk and sets the "phase2-ca-cert" property with the raw certificate data.
|
the NMSetting8021x |
|
the path of the "phase2" CA certificate file (PEM or DER format).
Passing NULL with any scheme clears the "phase2" CA certificate.
|
|
on successful return, the type of the certificate added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_phase2_client_cert ()
const GByteArray * nm_setting_802_1x_get_phase2_client_cert
(NMSetting8021x *setting
);
Warning
nm_setting_802_1x_get_phase2_client_cert
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_get_phase2_client_cert_blob()
.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
the "phase 2" client certificate data |
nm_setting_802_1x_set_phase2_client_cert_from_file ()
gboolean nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *setting
,const char *filename
,NMSetting8021xCKType *out_ck_type
,GError **error
);
Warning
nm_setting_802_1x_set_phase2_client_cert_from_file
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_set_phase2_client_cert()
with the.
NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme.
Reads a certificate from disk and sets the "phase2-client-cert" property with the raw certificate data.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
|
pass the path of the "phase2" client certificate file (PEM, DER, or PKCS12 format). Passing NULL clears the "phase2" client certificate. |
|
on successful return, the type of the certificate added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_private_key ()
const GByteArray * nm_setting_802_1x_get_private_key (NMSetting8021x *setting
);
Warning
nm_setting_802_1x_get_private_key
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_get_private_key_blob()
.
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
the private key data |
nm_setting_802_1x_set_private_key_from_file ()
gboolean nm_setting_802_1x_set_private_key_from_file (NMSetting8021x *setting
,const char *filename
,const char *password
,NMSetting8021xCKType *out_ck_type
,GError **error
);
Warning
nm_setting_802_1x_set_private_key_from_file
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_set_private_key()
with.
the NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme.
Reads a private key from disk and sets the "private-key" property with the raw private key data.
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
|
the path of the private key file (PEM, DER, or PKCS12 format). Passing NULL clears the private key. |
|
password used to decrypt the private key |
|
on successful return, the type of the private key added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_private_key_type ()
NMSetting8021xCKType nm_setting_802_1x_get_private_key_type
(NMSetting8021x *setting
);
Warning
nm_setting_802_1x_get_private_key_type
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_get_private_key_format()
.
|
the NMSetting8021x |
Returns : |
the data format of the private key data stored in the "private-key" property |
nm_setting_802_1x_get_phase2_private_key ()
const GByteArray * nm_setting_802_1x_get_phase2_private_key
(NMSetting8021x *setting
);
Warning
nm_setting_802_1x_get_phase2_private_key
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_get_private_key_blob()
.
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
Returns : |
the "phase 2" private key data |
nm_setting_802_1x_set_phase2_private_key_from_file ()
gboolean nm_setting_802_1x_set_phase2_private_key_from_file (NMSetting8021x *setting
,const char *filename
,const char *password
,NMSetting8021xCKType *out_ck_type
,GError **error
);
Warning
nm_setting_802_1x_set_phase2_private_key_from_file
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_set_phase2_private_key()
with
the NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme.
Reads a "phase 2" private key from disk and sets the "phase2-private-key" property with the raw private key data.
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
|
the NMSetting8021x |
|
the path of the "phase2" private key file (PEM, DER, or PKCS12 format). Passing NULL clears the "phase2" private key. |
|
password used to decrypt the private key |
|
on successful return, the type of the private key added |
|
on unsuccessful return, an error |
Returns : |
TRUE if the operation succeeded, FALSE if it was unsuccessful |
nm_setting_802_1x_get_phase2_private_key_type ()
NMSetting8021xCKType nm_setting_802_1x_get_phase2_private_key_type
(NMSetting8021x *setting
);
Warning
nm_setting_802_1x_get_phase2_private_key_type
has been deprecated since version 0.8 and should not be used in newly-written code. This function has been deprecated and should
not be used in newly written code. Calling this function is
equivalent to calling nm_setting_802_1x_get_phase2_private_key_format()
.
|
the NMSetting8021x |
Returns : |
the data format of the private key data stored in the "phase2-private-key" property |
Property Details
The "altsubject-matches"
property
"altsubject-matches" GSList_gchararray_* : Read / Write
List of strings to be matched against the altSubjectName of the certificate presented by the authentication server. If the list is empty, no verification of the server certificate's altSubjectName is performed.
The "anonymous-identity"
property
"anonymous-identity" gchar* : Read / Write
Anonymous identity string for EAP authentication methods. Used as the unencrypted identity with EAP types that support different tunneled identity like EAP-TTLS.
Default value: NULL
The "ca-cert"
property
"ca-cert" GArray_guchar_* : Read / Write
Contains the CA certificate if used by the EAP method specified in the
"eap" property. Setting this property directly is
discouraged; use the nm_setting_802_1x_set_ca_cert()
function instead.
The "ca-path"
property
"ca-path" gchar* : Read / Write
UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the "ca-cert" property.
Default value: NULL
The "client-cert"
property
"client-cert" GArray_guchar_* : Read / Write
Contains the client certificate if used by the EAP method specified in
the "eap" property. Setting this property directly is
discouraged; use the nm_setting_802_1x_set_client_cert()
function instead.
The "eap"
property
"eap" GSList_gchararray_* : Read / Write
The allowed EAP method to be used when authenticating to the network with 802.1x. Valid methods are: "leap", "md5", "tls", "peap", "ttls", and "fast". Each method requires different configuration using the properties of this object; refer to wpa_supplicant documentation for the allowed combinations.
The "identity"
property
"identity" gchar* : Read / Write
Identity string for EAP authentication methods. Often the user's user or login name.
Default value: NULL
The "password"
property
"password" gchar* : Read / Write
Password used for EAP authentication methods.
Default value: NULL
The "phase1-fast-provisioning"
property
"phase1-fast-provisioning" gchar* : Read / Write
Enables or disables in-line provisioning of EAP-FAST credentials when FAST is specified as the EAP method in the "eap" property. Recognized values are "0" (disabled), "1" (allow unauthenticated provisioning), "2" (allow authenticated provisioning), and "3" (allow both authenticated and unauthenticated provisioning). See the wpa_supplicant documentation for more details.
Default value: NULL
The "phase1-peaplabel"
property
"phase1-peaplabel" gchar* : Read / Write
Forces use of the new PEAP label during key derivation. Some RADIUS servers may require forcing the new PEAP label to interoperate with PEAPv1. Set to "1" to force use of the new PEAP label. See the wpa_supplicant documentation for more details.
Default value: NULL
The "phase1-peapver"
property
"phase1-peapver" gchar* : Read / Write
Forces which PEAP version is used when PEAP is set as the EAP method in the "eap" property. When unset, the version reported by the server will be used. Sometimes when using older RADIUS servers, it is necessary to force the client to use a particular PEAP version. To do so, this property may be set to "0" or "1" to force that specific PEAP version.
Default value: NULL
The "phase2-altsubject-matches"
property
"phase2-altsubject-matches" GSList_gchararray_* : Read / Write
List of strings to be matched against the altSubjectName of the certificate presented by the authentication server during the inner "phase 2" authentication. If the list is empty, no verification of the server certificate's altSubjectName is performed.
The "phase2-auth"
property
"phase2-auth" gchar* : Read / Write
Specifies the allowed "phase 2" inner non-EAP authentication methods when an EAP method that uses an inner TLS tunnel is specified in the "eap" property. Recognized non-EAP phase2 methods are "pap", "chap", "mschap", "mschapv2", "gtc", "otp", "md5", and "tls". Each 'phase 2' inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details.
Default value: NULL
The "phase2-autheap"
property
"phase2-autheap" gchar* : Read / Write
Specifies the allowed "phase 2" inner EAP-based authentication methods when an EAP method that uses an inner TLS tunnel is specified in the "eap" property. Recognized EAP-based phase2 methods are "md5", "mschapv2", "otp", "gtc", and "tls". Each 'phase 2' inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details.
Default value: NULL
The "phase2-ca-cert"
property
"phase2-ca-cert" GArray_guchar_* : Read / Write
Contains the CA certificate if used by the EAP method specified in the
"phase2-auth" or "phase2-autheap" properties.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_phase2_ca_cert()
function instead.
The "phase2-ca-path"
property
"phase2-ca-path" gchar* : Read / Write
UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the "phase2-ca-cert" property.
Default value: NULL
The "phase2-client-cert"
property
"phase2-client-cert" GArray_guchar_* : Read / Write
Contains the client certificate if used by the EAP method specified in
the "phase2-auth" or "phase2-autheap"
properties. Setting this property directly is discouraged; use the
nm_setting_802_1x_set_phase2_client_cert()
function instead.
The "phase2-private-key"
property
"phase2-private-key" GArray_guchar_* : Read / Write
Private key data used by "phase 2" inner authentication methods.
Contains the "phase 2" inner private key if the "phase2-auth"
or "phase2-autheap" property is set to 'tls'. Setting this
property directly is discouraged; use the
nm_setting_802_1x_set_phase2_private_key()
function instead.
The "phase2-private-key-password"
property
"phase2-private-key-password" gchar* : Read / Write
The password used to decrypt the private key specified in
"phase2-private-key" when the private key either uses the
path scheme, or if the private key is a PKCS12 format key. Setting this
property directly is not generally necessary except when returning
secrets to NetworkManager; it is generally set automatically when setting
the private key by the nm_setting_802_1x_set_phase2_private_key()
function.
Default value: NULL
The "phase2-subject-match"
property
"phase2-subject-match" gchar* : Read / Write
Substring to be matched against the subject of the certificate presented by the authentication server during the inner "phase 2" authentication. When unset, no verification of the authentication server certificate's subject is performed.
Default value: NULL
The "private-key"
property
"private-key" GArray_guchar_* : Read / Write
Contains the private key if the "eap" property is set to
'tls'. Setting this property directly is discouraged; use the
nm_setting_802_1x_set_private_key()
function instead.
The "private-key-password"
property
"private-key-password" gchar* : Read / Write
The password used to decrypt the private key specified in
"private-key" when the private key either uses the path
scheme, or if the private key is a PKCS12 format key. Setting this
property directly is not generally necessary except when returning
secrets to NetworkManager; it is generally set automatically when setting
the private key by the nm_setting_802_1x_set_private_key()
function.
Default value: NULL
The "subject-match"
property
"subject-match" gchar* : Read / Write
Substring to be matched against the subject of the certificate presented by the authentication server. When unset, no verification of the authentication server certificate's subject is performed.
Default value: NULL
The "system-ca-certs"
property
"system-ca-certs" gboolean : Read / Write / Construct
When TRUE, overrides "ca-path" and "phase2-ca-path" properties using the system CA directory specified at configure time with the --system-ca-path switch. The certificates in this directory are added to the verification chain in addition to any certificates specified by the "ca-cert", "ca-cert-path", "phase2-ca-cert" and "phase2-ca-cert-path" properties.
Default value: FALSE