summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--openvpn/src/openvpn/options.c2
-rw-r--r--res/values/strings.xml3
-rw-r--r--src/de/blinkt/openvpn/OpenVpnManagementThread.java8
-rw-r--r--src/de/blinkt/openvpn/VpnProfile.java9
4 files changed, 16 insertions, 6 deletions
diff --git a/openvpn/src/openvpn/options.c b/openvpn/src/openvpn/options.c
index b83c1de6..b3a41d7b 100644
--- a/openvpn/src/openvpn/options.c
+++ b/openvpn/src/openvpn/options.c
@@ -2732,7 +2732,7 @@ options_postprocess_filechecks (struct options *options)
"--extra-certs");
#ifdef MANAGMENT_EXTERNAL_KEY
- if(!(options->management_flags | MF_EXTERNAL_KEY))
+ if(!(options->management_flags & MF_EXTERNAL_KEY))
#endif
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->priv_key_file, R_OK,
"--key");
diff --git a/res/values/strings.xml b/res/values/strings.xml
index ba4f6b02..d6b55458 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -220,6 +220,7 @@
<string name="keppstatus_summary">Keep the notification displayed after the connection is established to show traffic statistics.</string>
<string name="keepstatus">Show Traffic Statistics</string>
<string name="mobile_info">Running on %1$s (%2$s) %3$s, Android API %4$d</string>
- <string name="error_rsa_sign">Error signing with Android keystore key %s</string>
+ <string name="error_rsa_sign">Error signing with Android keystore key %1$s: %2$s</string>
+ <string name="keychain_jellybeans">Reading from Android Keystore does not work in Jelly Beans (Google change the way private keys are returned)</string>
</resources>
diff --git a/src/de/blinkt/openvpn/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/OpenVpnManagementThread.java
index e1b37342..69129eb1 100644
--- a/src/de/blinkt/openvpn/OpenVpnManagementThread.java
+++ b/src/de/blinkt/openvpn/OpenVpnManagementThread.java
@@ -403,9 +403,12 @@ public class OpenVpnManagementThread implements Runnable {
private void processSignCommand(String b64data) {
PrivateKey privkey = mProfile.getKeystoreKey();
Exception err =null;
+
try{
byte[] data = Base64.decode(b64data, Base64.DEFAULT);
- Cipher rsasinger = javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1PADDING");
+
+ Cipher rsasinger = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
+
rsasinger.init(Cipher.ENCRYPT_MODE, privkey);
byte[] signed_bytes = rsasinger.doFinal(data);
@@ -425,8 +428,9 @@ public class OpenVpnManagementThread implements Runnable {
err =e;
}
if(err !=null) {
- OpenVPN.logError(R.string.error_rsa_sign,err.getLocalizedMessage());
+ OpenVPN.logError(R.string.error_rsa_sign,err.getClass().toString(),err.getLocalizedMessage());
}
+
}
}
diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index 8b758b3b..54eaae88 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -24,6 +24,7 @@ import org.spongycastle.util.io.pem.PemWriter;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
+import android.os.Build;
import android.security.KeyChain;
import android.security.KeyChainException;
@@ -551,8 +552,12 @@ public class VpnProfile implements Serializable{
//! Return an error if somethign is wrong
int checkProfile() {
- if((mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) && mAlias==null)
- return R.string.no_keystore_cert_selected;
+ if(mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) {
+ if(mAlias==null)
+ return R.string.no_keystore_cert_selected;
+ if(Build.VERSION.SDK_INT == 16)
+ return R.string.keychain_jellybeans;
+ }
if(!mUsePull) {
if(mIPv4Address == null || cidrToIPAndNetmask(mIPv4Address) == null)