Implement tls-cert-profile in profile and parser

2 files changed, 6 insertions, 0 deletions

diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
index 1e49f2e6..da652ef9 100644
--- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
+++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
@@ -3,6 +3,7 @@ package de.blinkt.openvpn.core;
 import android.annotation.SuppressLint;
 import android.content.Context;
 import android.provider.Settings;
+import android.text.TextUtils;
 
 import net.openvpn.ovpn3.ClientAPI_Config;
 import net.openvpn.ovpn3.ClientAPI_EvalConfig;
@@ -183,6 +184,8 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable
         boolean retryOnAuthFailed = mVp.mAuthRetry == AUTH_RETRY_NOINTERACT;
         config.setRetryOnAuthFailed(retryOnAuthFailed);
         config.setEnableLegacyAlgorithms(mVp.mUseLegacyProvider);
+        if (!TextUtils.isEmpty(mVp.mTlSCertProfile))
+            config.setTlsCertProfileOverride(mVp.mTlSCertProfile);
 
         ClientAPI_EvalConfig ec = eval_config(config);
         if (ec.getExternalPki()) {
diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt
index 8756b5b0..2130cdef 100644
--- a/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt
+++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt
@@ -302,6 +302,9 @@ object Utils {
         if (vp.mCompatMode > 0 )
             warnings.add("compat mode enabled")
 
+        if ("insecure".equals(vp.mTlSCertProfile))
+            warnings.add("low security (TLS security profile 'insecure' selected)");
+
         var cipher= vp.mCipher.toUpperCase(Locale.ROOT)
         if (cipher.isNullOrEmpty())
             cipher = "BF-CBC";