summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2021-10-15 03:21:03 +0200
committerArne Schwabe <arne@rfc2549.org>2021-10-15 03:21:03 +0200
commit12c2b2a9d724edff6499caad63997bb8cef8f4a4 (patch)
tree54e2b8a260ca5593daf5317fdaee4fe72869b0e7
parent841eba827134eb09bb647731981fb9fe776bec8e (diff)
Add log message for unsupported key encryption
Diffstat
-rw-r--r--main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java2
-rw-r--r--main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java5
-rw-r--r--main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java4
3 files changed, 7 insertions, 4 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java
index 8b3d4525..1d8f6cc6 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java
@@ -155,7 +155,7 @@ public class OpenVPNThread implements Runnable {
logLevel = Math.max(4, logLevel);
VpnStatus.logMessageOpenVPN(logStatus, logLevel, msg);
- VpnStatus.checkWeakMD(msg);
+ VpnStatus.addExtraHints(msg);
} else {
VpnStatus.logInfo("P:" + logline);
}
diff --git a/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java b/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java
index 04848f93..c8e69414 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java
@@ -474,10 +474,13 @@ public class VpnStatus {
}
- public static void checkWeakMD(String msg) {
+ public static void addExtraHints(String msg) {
if ((msg.endsWith("md too weak") && msg.startsWith("OpenSSL: error")) || msg.contains("error:140AB18E")
|| msg.contains("SSL_CA_MD_TOO_WEAK") || (msg.contains("ca md too weak")))
logError("OpenSSL reported a certificate with a weak hash, please see the in app FAQ about weak hashes.");
+ if ((msg.contains("digital envelope routines::unsupported")))
+ logError("The encryption method of your private keys/pkcs12 might be outdated and you probably need to enable " +
+ "the OpenSSL legacy provider to be able to use this profile.");
}
public static synchronized void updateByteCount(long in, long out) {
diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
index c51fc2cc..f10011c9 100644
--- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
+++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
@@ -55,7 +55,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable
ClientAPI_Status status = connect();
if (status.getError()) {
VpnStatus.logError(String.format("connect() error: %s: %s", status.getStatus(), status.getMessage()));
- VpnStatus.checkWeakMD(status.getMessage());
+ VpnStatus.addExtraHints(status.getMessage());
} else {
VpnStatus.updateStateString("NOPROCESS", "OpenVPN3 thread finished", R.string.state_noprocess, ConnectionStatus.LEVEL_NOTCONNECTED);
}
@@ -306,7 +306,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable
logmsg = logmsg.substring(0, logmsg.length() - 1);
VpnStatus.logInfo(logmsg);
- VpnStatus.checkWeakMD(logmsg);
+ VpnStatus.addExtraHints(logmsg);
}
@Override
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-07 02:03:41 +0000