diff options
| author | Arne Schwabe <arne@rfc2549.org> | 2018-02-06 12:45:52 +0100 |
|---|---|---|
| committer | Arne Schwabe <arne@rfc2549.org> | 2018-02-06 12:45:52 +0100 |
| commit | 68ecf387e4ec820850eba2e1661b43faf7ce6ea1 (patch) | |
| tree | 8a31d35fda0ecb7a49659f66ed21f31c88984617 | |
| parent | 178841baa83834e6d17efbcdc4aeebe850256bb0 (diff) | |
Explicitly tell openvpn3 that it should not use user certificates (closes #836)
| -rw-r--r-- | main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 4 | ||||
| -rw-r--r-- | main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java | 3 |
2 files changed, 6 insertions, 1 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index d5f07843..76bb502e 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -416,6 +416,10 @@ public class VpnProfile implements Serializable, Cloneable { case VpnProfile.TYPE_USERPASS: cfg += "auth-user-pass\n"; cfg += insertFileData("ca", mCaFilename); + if (configForOvpn3) { + // OpenVPN 3 needs to be told that a client certificate is not required + cfg += "client-cert-not-required\n"; + } } if (isUserPWAuth()) { diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 9889754d..abd60bcb 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -245,6 +245,7 @@ public class ConfigParser { // in most cases these won't work and user who wish to execute scripts will // figure out themselves final String[] ignoreOptions = {"tls-client", + "allow-recursive-routing", "askpass", "auth-nocache", "up", @@ -255,11 +256,11 @@ public class ConfigParser { "route-pre-down", "auth-user-pass-verify", "block-outside-dns", + "client-cert-not-required", "dhcp-release", "dhcp-renew", "dh", "group", - "allow-recursive-routing", "ip-win32", "ifconfig-nowarn", "management-hold", |