diff options
author | cyBerta <cyberta@riseup.net> | 2021-01-11 01:44:31 +0100 |
---|---|---|
committer | cyBerta <cyberta@riseup.net> | 2021-01-11 01:44:31 +0100 |
commit | cb7894ef9f73fdfb2f3b44b4d3c6afb6133a70ba (patch) | |
tree | 83f1adb247f6b3a7131f7807ebb1b4b192c458dd /app/src/main/java/de/blinkt/openvpn | |
parent | 50cf8dc8815a6770cf1be2f3c85e1531b5ef91e0 (diff) |
add missing data-cipher flags to VpnProfile and ConfigParser, fixes cipher negotiation issues
Diffstat (limited to 'app/src/main/java/de/blinkt/openvpn')
-rw-r--r-- | app/src/main/java/de/blinkt/openvpn/VpnProfile.java | 7 | ||||
-rw-r--r-- | app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java | 23 |
2 files changed, 30 insertions, 0 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java index 3792d092..41b5ddb5 100644 --- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -145,6 +145,7 @@ public class VpnProfile implements Serializable, Cloneable { public String mCustomConfigOptions = ""; public String mVerb = "1"; //ignored public String mCipher = ""; + public String mDataCiphers = ""; public boolean mNobind = true; public boolean mUseDefaultRoutev6 = true; public String mCustomRoutesv6 = ""; @@ -630,6 +631,12 @@ public class VpnProfile implements Serializable, Cloneable { cfg.append("remote-cert-tls server\n"); } + + if (!TextUtils.isEmpty(mDataCiphers)) + { + cfg.append("data-ciphers ").append(mDataCiphers).append("\n"); + } + if (!TextUtils.isEmpty(mCipher)) { cfg.append("cipher ").append(mCipher).append("\n"); } diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index c6240bd0..5b4ab361 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -537,10 +537,33 @@ public class ConfigParser { np.mUseLzo = Boolean.valueOf(useLzo.get(1)); } + Vector<String> ncp_ciphers = getOption("ncp-ciphers", 1, 1); + Vector<String> data_ciphers = getOption("data-ciphers", 1, 1); Vector<String> cipher = getOption("cipher", 1, 1); + if (cipher != null) np.mCipher = cipher.get(1); + if (data_ciphers == null) + { + data_ciphers = ncp_ciphers; + } + + /* The world is not yet ready to only use data-ciphers, add --cipher to data-ciphers + * for now on import */ + if (data_ciphers != null) + { + np.mDataCiphers = data_ciphers.get(1); + + if (!TextUtils.isEmpty(np.mCipher) && !np.mDataCiphers.contains(np.mCipher)) + { + np.mDataCiphers += ":" + np.mCipher; + } + } else if (!TextUtils.isEmpty(np.mCipher) && !np.mCipher.equals("AES-128-GCM") && !np.mCipher.equals("AES-256")) + { + np.mDataCiphers += "AES-256-GCM:AES-128-GCM:" + np.mCipher; + } + Vector<String> auth = getOption("auth", 1, 1); if (auth != null) np.mAuth = auth.get(1); |