-rwxr-xr-x | res/values/strings.xml | 2 | ||||
-rw-r--r-- | src/de/blinkt/openvpn/ConfigParser.java | 14 | ||||
-rw-r--r-- | src/de/blinkt/openvpn/RemoteCNPreference.java | 3 | ||||
-rw-r--r-- | src/de/blinkt/openvpn/VpnProfile.java | 21 |
4 files changed, 22 insertions, 18 deletions
diff --git a/res/values/strings.xml b/res/values/strings.xml index 07589382..7d35c20d 100755 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -65,7 +65,7 @@ <string name="check_remote_tlscert_title">Except TLS Server</string> <string name="remote_tlscn_check_summary">Checks the Remote Server Certificate Subject DN</string> <string name="remote_tlscn_check_title">Certificate Hostname Check</string> - <string name="enter_tlscn_dialog">Specify the check used to verify the remote certificate DN\n\Specify the complete DN (e.g. C=DE, L=Paderborn, OU=Avian IP Carriers, CN=openvpn.blinkt.de) or the RDN (openvpn.blinkt.de in the DN example) or an RDN prefix for verification.\n\nRDN prefix will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\nLeaving the text field empty will check the RDN against the server hostname.\nFor more details see the OpenVPN 2.3 manpage under --x509-verify-name</string> + <string name="enter_tlscn_dialog">Specify the check used to verify the remote certificate DN\n\Specify the complete DN (e.g. C=DE, L=Paderborn, OU=Avian IP Carriers, CN=openvpn.blinkt.de) or the RDN (openvpn.blinkt.de in the DN example) or an RDN prefix for verification.\n\nRDN prefix will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\nLeaving the text field empty will check the RDN against the server hostname.\nFor more details see the OpenVPN 2.3.1+ manpage under --verify-x509-name</string> <string name="enter_tlscn_title">Remote certificate subject</string> <string name="tls_key_auth">Enables the TLS Key Authentication</string> <string name="tls_auth_file">TLS Auth File</string> diff --git a/src/de/blinkt/openvpn/ConfigParser.java b/src/de/blinkt/openvpn/ConfigParser.java index 28608c9a..f16198ee 100644 --- a/src/de/blinkt/openvpn/ConfigParser.java +++ b/src/de/blinkt/openvpn/ConfigParser.java 
@@ -454,17 +454,17 @@ public class ConfigParser { np.mX509AuthType = VpnProfile.X509_VERIFY_TLSREMOTE_COMPAT_NOREMAPPING; } - Vector<String> x509verifyname = getOption("x509-verify-name",1,2); - if(x509verifyname!=null){ - np.mRemoteCN = x509verifyname.get(1); + Vector<String> verifyx509name = getOption("verify-x509-name",1,2); + if(verifyx509name!=null){ + np.mRemoteCN = verifyx509name.get(1); np.mCheckRemoteCN=true; - if(x509verifyname.size()>2) { - if (x509verifyname.get(2).equals("name")) + if(verifyx509name.size()>2) { + if (verifyx509name.get(2).equals("name")) np.mX509AuthType=VpnProfile.X509_VERIFY_TLSREMOTE_RDN; - else if (x509verifyname.get(2).equals("name-prefix")) + else if (verifyx509name.get(2).equals("name-prefix")) np.mX509AuthType=VpnProfile.X509_VERIFY_TLSREMOTE_RDN_PREFIX; else - throw new ConfigParseError("Unknown parameter to x509-verify-name: " + x509verifyname.get(2) ); + throw new ConfigParseError("Unknown parameter to x509-verify-name: " + verifyx509name.get(2) ); } else { np.mX509AuthType = VpnProfile.X509_VERIFY_TLSREMOTE_DN; } diff --git a/src/de/blinkt/openvpn/RemoteCNPreference.java b/src/de/blinkt/openvpn/RemoteCNPreference.java index 4daf54c2..3d142527 100644 --- a/src/de/blinkt/openvpn/RemoteCNPreference.java +++ b/src/de/blinkt/openvpn/RemoteCNPreference.java @@ -2,12 +2,9 @@ package de.blinkt.openvpn; import android.content.Context; import android.preference.DialogPreference; -import android.preference.EditTextPreference; -import android.preference.ListPreference; import android.util.AttributeSet; import android.util.Pair; import android.view.View; -import android.view.ViewGroup; import android.widget.ArrayAdapter; import android.widget.EditText; import android.widget.Spinner; diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java index fcb0679f..ee202369 100644 --- a/src/de/blinkt/openvpn/VpnProfile.java +++ b/src/de/blinkt/openvpn/VpnProfile.java 
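Review bot: The error text in the final `else` of the ConfigParser hunk still names the old directive, `"Unknown parameter to x509-verify-name: "`, although the parser now reads `verify-x509-name`; it should be `throw new ConfigParseError("Unknown parameter to verify-x509-name: " + verifyx509name.get(2));`. A profile that still uses the old `x509-verify-name` spelling no longer reaches this branch, so unless it is handled elsewhere (not visible here) `mCheckRemoteCN` is never set for it and the imported profile would connect without the certificate-name check. Accepting both spellings in the `getOption` lookup, or rejecting the old one with a `ConfigParseError`, would keep that downgrade from happening silently. The enclosing method starts and ends outside the hunk.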
@@ -274,9 +274,16 @@ public class VpnProfile implements Serializable{ if(!configForOvpn3) { String[] ks =getKeyStoreCertificates(context); cfg+="### From Keystore ####\n"; - cfg+="<ca>\n" + ks[0] + "</ca>\n"; - cfg+="<cert>\n" + ks[0] + "</cert>\n"; - cfg+="management-external-key\n"; + if(ks != null) { + cfg+="<ca>\n" + ks[0] + "</ca>\n"; + cfg+="<cert>\n" + ks[0] + "</cert>\n"; + cfg+="management-external-key\n"; + } else { + cfg += context.getString(R.string.keychain_access) +"\n"; + if(Build.VERSION.SDK_INT==Build.VERSION_CODES.JELLY_BEAN) + if(!mAlias.matches("^[a-zA-Z0-9]$")) + cfg += context.getString(R.string.jelly_keystore_alphanumeric_bug)+ "\n"; + } } break; case VpnProfile.TYPE_USERPASS: @@ -358,7 +365,7 @@ public class VpnProfile implements Serializable{ // Authentication if(mCheckRemoteCN) { if(mRemoteCN == null || mRemoteCN.equals("") ) - cfg+="x509-verify-name " + mServerName + " name\n"; + cfg+="verify-x509-name " + mServerName + " name\n"; else switch (mX509AuthType) { @@ -370,15 +377,15 @@ public class VpnProfile implements Serializable{ break; case X509_VERIFY_TLSREMOTE_RDN: - cfg+="x509-verify-name " + openVpnEscape(mRemoteCN) + " name\n"; + cfg+="verify-x509-name " + openVpnEscape(mRemoteCN) + " name\n"; break; case X509_VERIFY_TLSREMOTE_RDN_PREFIX: - cfg+="x509-verify-name " + openVpnEscape(mRemoteCN) + " name-prefix\n"; + cfg+="verify-x509-name " + openVpnEscape(mRemoteCN) + " name-prefix\n"; break; case X509_VERIFY_TLSREMOTE_DN: - cfg+="x509-verify-name " + openVpnEscape(mRemoteCN) + "\n"; + cfg+="verify-x509-name " + openVpnEscape(mRemoteCN) + "\n"; break; } } |
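Review bot: The alias test `!mAlias.matches("^[a-zA-Z0-9]$")` in the new `else` branch accepts only a one-character alias, because `String.matches` already anchors the pattern and the character class has no quantifier, so on Jelly Bean the alphanumeric-bug hint is appended for almost every alias. `if (mAlias != null && !mAlias.matches("[a-zA-Z0-9]+"))` looks like what was intended, and it also avoids a NullPointerException should no alias be set (whether `mAlias` can be null is not visible here). The re-indented lines still write `ks[0]` into both `<ca>` and `<cert>`; if `getKeyStoreCertificates` returns the CA and the client certificate as separate elements, `<cert>` presumably wants the other index. The two nested brace-less `if`s would read more safely with braces; the surrounding `switch` continues outside the hunk.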
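Review bot: In the empty-`mRemoteCN` branch of the @@ -358,7 hunk the server name is concatenated into the directive unescaped, `"verify-x509-name " + mServerName + " name\n"`, while every other `verify-x509-name` line in the switch below passes its argument through `openVpnEscape`. A server name containing whitespace or a line break would change how the generated config is parsed, and this line is the one that pins the server identity, so it should read `cfg+="verify-x509-name " + openVpnEscape(mServerName) + " name\n";`. The definition of `openVpnEscape` is not in the hunk; I am assuming it quotes an argument the way the neighbouring calls rely on. The same rename in the following hunk (@@ -370,15) needs nothing further.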