summaryrefslogtreecommitdiff
path: root/main/src/ui
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2021-10-15 01:31:14 +0200
committerArne Schwabe <arne@rfc2549.org>2021-10-15 01:31:14 +0200
commit90ba71780c8ad851f0146e2176a9e40efe532e05 (patch)
tree8dfca9b98cef35ec916f011206cc7b324d08ac1c /main/src/ui
parent9ca366fb2db61926021866a37e14c332ebc57c59 (diff)
Implement tls-cert-profile in profile and parser
Diffstat (limited to 'main/src/ui')
-rw-r--r--main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java3
-rw-r--r--main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt3
2 files changed, 6 insertions, 0 deletions
diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
index 1e49f2e6..da652ef9 100644
--- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
+++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
@@ -3,6 +3,7 @@ package de.blinkt.openvpn.core;
import android.annotation.SuppressLint;
import android.content.Context;
import android.provider.Settings;
+import android.text.TextUtils;
import net.openvpn.ovpn3.ClientAPI_Config;
import net.openvpn.ovpn3.ClientAPI_EvalConfig;
@@ -183,6 +184,8 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable
boolean retryOnAuthFailed = mVp.mAuthRetry == AUTH_RETRY_NOINTERACT;
config.setRetryOnAuthFailed(retryOnAuthFailed);
config.setEnableLegacyAlgorithms(mVp.mUseLegacyProvider);
+ if (!TextUtils.isEmpty(mVp.mTlSCertProfile))
+ config.setTlsCertProfileOverride(mVp.mTlSCertProfile);
ClientAPI_EvalConfig ec = eval_config(config);
if (ec.getExternalPki()) {
diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt
index 8756b5b0..2130cdef 100644
--- a/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt
+++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt
@@ -302,6 +302,9 @@ object Utils {
if (vp.mCompatMode > 0 )
warnings.add("compat mode enabled")
+ if ("insecure".equals(vp.mTlSCertProfile))
+ warnings.add("low security (TLS security profile 'insecure' selected)");
+
var cipher= vp.mCipher.toUpperCase(Locale.ROOT)
if (cipher.isNullOrEmpty())
cipher = "BF-CBC";