diff options
author | Arne Schwabe <arne@rfc2549.org> | 2021-10-15 02:02:38 +0200 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2021-10-15 02:02:38 +0200 |
commit | 59e2992331f08dfa2799496c18109b93a382b078 (patch) | |
tree | 909bb146a0231d7d831a59c6cfded31cd58cc4a1 | |
parent | f8249f98f37c7b75e56f007c892aab0c7d3e4dca (diff) |
Improve detection and logging of weak md error FAQ hint
3 files changed, 12 insertions, 10 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java index bb3b804d..8b3d4525 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java @@ -135,7 +135,6 @@ public class OpenVPNThread implements Runnable { mDumpPath = logline.substring(DUMP_PATH_STRING.length());
Matcher m = LOG_PATTERN.matcher(logline);
- int logerror = 0;
if (m.matches()) {
int flags = Integer.parseInt(m.group(3), 16);
String msg = m.group(4);
@@ -155,13 +154,8 @@ public class OpenVPNThread implements Runnable { if (msg.startsWith("MANAGEMENT: CMD"))
logLevel = Math.max(4, logLevel);
- if ((msg.endsWith("md too weak") && msg.startsWith("OpenSSL: error")) || msg.contains("error:140AB18E"))
- logerror = 1;
-
VpnStatus.logMessageOpenVPN(logStatus, logLevel, msg);
- if (logerror==1)
- VpnStatus.logError("OpenSSL reported a certificate with a weak hash, please the in app FAQ about weak hashes");
-
+ VpnStatus.checkWeakMD(msg);
} else {
VpnStatus.logInfo("P:" + logline);
}
diff --git a/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java b/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java index e325f8b7..04848f93 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java +++ b/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java @@ -469,11 +469,17 @@ public class VpnStatus { } public static void logMessageOpenVPN(LogLevel level, int ovpnlevel, String message) { + /* Check for the weak md whe we have a message from OpenVPN */ newLogItem(new LogItem(level, ovpnlevel, message)); - } + public static void checkWeakMD(String msg) { + if ((msg.endsWith("md too weak") && msg.startsWith("OpenSSL: error")) || msg.contains("error:140AB18E") + || msg.contains("SSL_CA_MD_TOO_WEAK") || (msg.contains("ca md too weak"))) + logError("OpenSSL reported a certificate with a weak hash, please see the in app FAQ about weak hashes."); + } + public static synchronized void updateByteCount(long in, long out) { TrafficHistory.LastDiff diff = trafficHistory.add(in, out); diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java index da652ef9..c51fc2cc 100644 --- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java +++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java @@ -55,6 +55,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable ClientAPI_Status status = connect(); if (status.getError()) { VpnStatus.logError(String.format("connect() error: %s: %s", status.getStatus(), status.getMessage())); + VpnStatus.checkWeakMD(status.getMessage()); } else { VpnStatus.updateStateString("NOPROCESS", "OpenVPN3 thread finished", R.string.state_noprocess, ConnectionStatus.LEVEL_NOTCONNECTED); } @@ -172,7 +173,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable config.setContent(vpnconfig); config.setTunPersist(mVp.mPersistTun); - config.setGuiVersion(mVp.getVersionEnvString(mService)); + config.setGuiVersion(VpnProfile.getVersionEnvString(mService)); config.setSsoMethods("openurl,webauth,crtext"); config.setPlatformVersion(mVp.getPlatformVersionEnvString()); config.setExternalPkiAlias("extpki"); @@ -305,6 +306,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable logmsg = logmsg.substring(0, logmsg.length() - 1); VpnStatus.logInfo(logmsg); + VpnStatus.checkWeakMD(logmsg); } @Override @@ -318,7 +320,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable } else { VpnStatus.logInfo(R.string.info_from_server, info); } - } else if (name.equals("COMPRESSION_ENABLED")) { + } else if (name.equals("COMPRESSION_ENABLED") || name.equals(("WARN"))) { VpnStatus.logInfo(String.format(Locale.US, "%s: %s", name, info)); } else { VpnStatus.updateStateString(name, info); |