Fix peer-fingerprint with auth-user-pass

Also throw an error if neither of CA or peer-fingerprint is configured

2 files changed, 6 insertions, 2 deletions

diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index f4afb5ad..e82f508c 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -505,7 +505,8 @@ public class VpnProfile implements Serializable, Cloneable {
                 break;
             case VpnProfile.TYPE_USERPASS:
                 cfg.append("auth-user-pass\n");
-                cfg.append(insertFileData("ca", mCaFilename));
+                if (!TextUtils.isEmpty(mCaFilename))
+                    cfg.append(insertFileData("ca", mCaFilename));
                 if (configForOvpn3) {
                     // OpenVPN 3 needs to be told that a client certificate is not required
                     cfg.append("client-cert-not-required\n");
@@ -1054,7 +1055,9 @@ public class VpnProfile implements Serializable, Cloneable {
             }
         }
 
-
+        if (mAuthenticationType != TYPE_STATICKEYS && !mCheckPeerFingerprint && TextUtils.isEmpty(mCaFilename)) {
+            return R.string.need_fingerprint_or_ca;
+        }
         // Everything okay
         return R.string.no_error_found;
 
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index 2de43eb2..dd2589c6 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -511,5 +511,6 @@
     <string name="import_from_URL">URL</string>
     <string name="compatmode">Compatiblity Mode</string>
     <string name="compat_mode_label">Compatibility mode</string>
+    <string name="need_fingerprint_or_ca">An OpenVPN profile needs a CA certificate or peer fingerprint</string>
 
 </resources>