diff options
author | Arne Schwabe <arne@rfc2549.org> | 2021-10-15 01:31:14 +0200 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2021-10-15 01:31:14 +0200 |
commit | 90ba71780c8ad851f0146e2176a9e40efe532e05 (patch) | |
tree | 8dfca9b98cef35ec916f011206cc7b324d08ac1c /main/src/ui | |
parent | 9ca366fb2db61926021866a37e14c332ebc57c59 (diff) |
Implement tls-cert-profile in profile and parser
Diffstat (limited to 'main/src/ui')
-rw-r--r-- | main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java | 3 | ||||
-rw-r--r-- | main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java index 1e49f2e6..da652ef9 100644 --- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java +++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java @@ -3,6 +3,7 @@ package de.blinkt.openvpn.core; import android.annotation.SuppressLint; import android.content.Context; import android.provider.Settings; +import android.text.TextUtils; import net.openvpn.ovpn3.ClientAPI_Config; import net.openvpn.ovpn3.ClientAPI_EvalConfig; @@ -183,6 +184,8 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable boolean retryOnAuthFailed = mVp.mAuthRetry == AUTH_RETRY_NOINTERACT; config.setRetryOnAuthFailed(retryOnAuthFailed); config.setEnableLegacyAlgorithms(mVp.mUseLegacyProvider); + if (!TextUtils.isEmpty(mVp.mTlSCertProfile)) + config.setTlsCertProfileOverride(mVp.mTlSCertProfile); ClientAPI_EvalConfig ec = eval_config(config); if (ec.getExternalPki()) { diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt index 8756b5b0..2130cdef 100644 --- a/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt +++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt @@ -302,6 +302,9 @@ object Utils { if (vp.mCompatMode > 0 ) warnings.add("compat mode enabled") + if ("insecure".equals(vp.mTlSCertProfile)) + warnings.add("low security (TLS security profile 'insecure' selected)"); + var cipher= vp.mCipher.toUpperCase(Locale.ROOT) if (cipher.isNullOrEmpty()) cipher = "BF-CBC"; |