authorArne Schwabe <arne@rfc2549.org>2013-03-07 23:40:30 +0100
committerArne Schwabe <arne@rfc2549.org>2013-03-07 23:40:30 +0100
commitb38cae44de5aed8d436c19301c4fb4a390128569 (patch)
tree5cf342ab4f1b2baf33957ff25312b2f7e836c754
parent00cdc87d34a817de8a7473f3e41871621705d417 (diff)
verify-x509-name not x509-verify-name
-rwxr-xr-xres/values/strings.xml2
-rw-r--r--src/de/blinkt/openvpn/ConfigParser.java14
-rw-r--r--src/de/blinkt/openvpn/RemoteCNPreference.java3
-rw-r--r--src/de/blinkt/openvpn/VpnProfile.java21
4 files changed, 22 insertions, 18 deletions
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 07589382..7d35c20d 100755
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -65,7 +65,7 @@
<string name="check_remote_tlscert_title">Except TLS Server</string>
<string name="remote_tlscn_check_summary">Checks the Remote Server Certificate Subject DN</string>
<string name="remote_tlscn_check_title">Certificate Hostname Check</string>
- <string name="enter_tlscn_dialog">Specify the check used to verify the remote certificate DN\n\Specify the complete DN (e.g. C=DE, L=Paderborn, OU=Avian IP Carriers, CN=openvpn.blinkt.de) or the RDN (openvpn.blinkt.de in the DN example) or an RDN prefix for verification.\n\nRDN prefix will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\nLeaving the text field empty will check the RDN against the server hostname.\nFor more details see the OpenVPN 2.3 manpage under --x509-verify-name</string>
+ <string name="enter_tlscn_dialog">Specify the check used to verify the remote certificate DN\n\Specify the complete DN (e.g. C=DE, L=Paderborn, OU=Avian IP Carriers, CN=openvpn.blinkt.de) or the RDN (openvpn.blinkt.de in the DN example) or an RDN prefix for verification.\n\nRDN prefix will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\nLeaving the text field empty will check the RDN against the server hostname.\nFor more details see the OpenVPN 2.3.1+ manpage under --verify-x509-name</string>
<string name="enter_tlscn_title">Remote certificate subject</string>
<string name="tls_key_auth">Enables the TLS Key Authentication</string>
<string name="tls_auth_file">TLS Auth File</string>
diff --git a/src/de/blinkt/openvpn/ConfigParser.java b/src/de/blinkt/openvpn/ConfigParser.java
index 28608c9a..f16198ee 100644
--- a/src/de/blinkt/openvpn/ConfigParser.java
+++ b/src/de/blinkt/openvpn/ConfigParser.java
@@ -454,17 +454,17 @@ public class ConfigParser {
np.mX509AuthType = VpnProfile.X509_VERIFY_TLSREMOTE_COMPAT_NOREMAPPING;
}
- Vector<String> x509verifyname = getOption("x509-verify-name",1,2);
- if(x509verifyname!=null){
- np.mRemoteCN = x509verifyname.get(1);
+ Vector<String> verifyx509name = getOption("verify-x509-name",1,2);
+ if(verifyx509name!=null){
+ np.mRemoteCN = verifyx509name.get(1);
np.mCheckRemoteCN=true;
- if(x509verifyname.size()>2) {
- if (x509verifyname.get(2).equals("name"))
+ if(verifyx509name.size()>2) {
+ if (verifyx509name.get(2).equals("name"))
np.mX509AuthType=VpnProfile.X509_VERIFY_TLSREMOTE_RDN;
- else if (x509verifyname.get(2).equals("name-prefix"))
+ else if (verifyx509name.get(2).equals("name-prefix"))
np.mX509AuthType=VpnProfile.X509_VERIFY_TLSREMOTE_RDN_PREFIX;
else
- throw new ConfigParseError("Unknown parameter to x509-verify-name: " + x509verifyname.get(2) );
+ throw new ConfigParseError("Unknown parameter to x509-verify-name: " + verifyx509name.get(2) );
} else {
np.mX509AuthType = VpnProfile.X509_VERIFY_TLSREMOTE_DN;
}
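Review bot: The ConfigParseError text on the last changed line still names the old option, `"Unknown parameter to x509-verify-name: "`, so an import error points at a directive the parser no longer reads; it should say `"Unknown parameter to verify-x509-name: "`. The type check also rejects `subject`, which OpenVPN accepts as the explicit spelling of the default full-DN match, so a valid config that writes it out fails to import; an extra branch `else if (verifyx509name.get(2).equals("subject")) np.mX509AuthType = VpnProfile.X509_VERIFY_TLSREMOTE_DN;` would cover it. Since only the new spelling is looked up, a profile that still carries `x509-verify-name` would presumably be imported with mCheckRemoteCN left unset, which deserves a visible warning rather than a silent drop of the certificate name check. The enclosing method starts and ends outside the hunk.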
diff --git a/src/de/blinkt/openvpn/RemoteCNPreference.java b/src/de/blinkt/openvpn/RemoteCNPreference.java
index 4daf54c2..3d142527 100644
--- a/src/de/blinkt/openvpn/RemoteCNPreference.java
+++ b/src/de/blinkt/openvpn/RemoteCNPreference.java
@@ -2,12 +2,9 @@ package de.blinkt.openvpn;
import android.content.Context;
import android.preference.DialogPreference;
-import android.preference.EditTextPreference;
-import android.preference.ListPreference;
import android.util.AttributeSet;
import android.util.Pair;
import android.view.View;
-import android.view.ViewGroup;
import android.widget.ArrayAdapter;
import android.widget.EditText;
import android.widget.Spinner;
diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index fcb0679f..ee202369 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -274,9 +274,16 @@ public class VpnProfile implements Serializable{
if(!configForOvpn3) {
String[] ks =getKeyStoreCertificates(context);
cfg+="### From Keystore ####\n";
- cfg+="<ca>\n" + ks[0] + "</ca>\n";
- cfg+="<cert>\n" + ks[0] + "</cert>\n";
- cfg+="management-external-key\n";
+ if(ks != null) {
+ cfg+="<ca>\n" + ks[0] + "</ca>\n";
+ cfg+="<cert>\n" + ks[0] + "</cert>\n";
+ cfg+="management-external-key\n";
+ } else {
+ cfg += context.getString(R.string.keychain_access) +"\n";
+ if(Build.VERSION.SDK_INT==Build.VERSION_CODES.JELLY_BEAN)
+ if(!mAlias.matches("^[a-zA-Z0-9]$"))
+ cfg += context.getString(R.string.jelly_keystore_alphanumeric_bug)+ "\n";
+ }
}
break;
case VpnProfile.TYPE_USERPASS:
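Review bot: The alias test `mAlias.matches("^[a-zA-Z0-9]$")` in the new else branch accepts exactly one character, so on Jelly Bean the alphanumeric-bug hint is appended for every alias longer than one character; `"^[a-zA-Z0-9]+$"` looks like what was meant, and mAlias is dereferenced there without a null check. The R.string.keychain_access text is appended to cfg as a bare line; if the intent is for the generated config to be rejected rather than started without `<ca>`/`<cert>`, a comment such as `// deliberately invalid config line: keystore access failed` would make that explicit. Both `<ca>` and `<cert>` are filled from `ks[0]`, which is carried over from the old side; if getKeyStoreCertificates returns the CA and the client certificate as separate elements, the second block needs a different index. The enclosing method begins and ends outside the hunk.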
@@ -358,7 +365,7 @@ public class VpnProfile implements Serializable{
// Authentication
if(mCheckRemoteCN) {
if(mRemoteCN == null || mRemoteCN.equals("") )
- cfg+="x509-verify-name " + mServerName + " name\n";
+ cfg+="verify-x509-name " + mServerName + " name\n";
else
switch (mX509AuthType) {
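Review bot: In the empty-mRemoteCN branch, mServerName is concatenated into the generated config without openVpnEscape, while the mRemoteCN cases of the switch that follows all escape their value. A server name containing whitespace or a line break would change how the directive is parsed and could weaken or bypass the certificate name check. Suggest `cfg+="verify-x509-name " + openVpnEscape(mServerName) + " name\n";`. The switch and the enclosing method continue outside the hunk.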
@@ -370,15 +377,15 @@ public class VpnProfile implements Serializable{
break;
case X509_VERIFY_TLSREMOTE_RDN:
- cfg+="x509-verify-name " + openVpnEscape(mRemoteCN) + " name\n";
+ cfg+="verify-x509-name " + openVpnEscape(mRemoteCN) + " name\n";
break;
case X509_VERIFY_TLSREMOTE_RDN_PREFIX:
- cfg+="x509-verify-name " + openVpnEscape(mRemoteCN) + " name-prefix\n";
+ cfg+="verify-x509-name " + openVpnEscape(mRemoteCN) + " name-prefix\n";
break;
case X509_VERIFY_TLSREMOTE_DN:
- cfg+="x509-verify-name " + openVpnEscape(mRemoteCN) + "\n";
+ cfg+="verify-x509-name " + openVpnEscape(mRemoteCN) + "\n";
break;
}
}