From 59e2992331f08dfa2799496c18109b93a382b078 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Fri, 15 Oct 2021 02:02:38 +0200 Subject: Improve detection and logging of weak md error FAQ hint --- main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java | 8 +------- main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java | 8 +++++++- main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java | 6 ++++-- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java index bb3b804d..8b3d4525 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java @@ -135,7 +135,6 @@ public class OpenVPNThread implements Runnable { mDumpPath = logline.substring(DUMP_PATH_STRING.length()); Matcher m = LOG_PATTERN.matcher(logline); - int logerror = 0; if (m.matches()) { int flags = Integer.parseInt(m.group(3), 16); String msg = m.group(4); @@ -155,13 +154,8 @@ public class OpenVPNThread implements Runnable { if (msg.startsWith("MANAGEMENT: CMD")) logLevel = Math.max(4, logLevel); - if ((msg.endsWith("md too weak") && msg.startsWith("OpenSSL: error")) || msg.contains("error:140AB18E")) - logerror = 1; - VpnStatus.logMessageOpenVPN(logStatus, logLevel, msg); - if (logerror==1) - VpnStatus.logError("OpenSSL reported a certificate with a weak hash, please the in app FAQ about weak hashes"); - + VpnStatus.checkWeakMD(msg); } else { VpnStatus.logInfo("P:" + logline); } diff --git a/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java b/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java index e325f8b7..04848f93 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java +++ b/main/src/main/java/de/blinkt/openvpn/core/VpnStatus.java 
@@ -469,11 +469,17 @@ public class VpnStatus { } public static void logMessageOpenVPN(LogLevel level, int ovpnlevel, String message) { + /* Check for the weak md whe we have a message from OpenVPN */ newLogItem(new LogItem(level, ovpnlevel, message)); - } + public static void checkWeakMD(String msg) { + if ((msg.endsWith("md too weak") && msg.startsWith("OpenSSL: error")) || msg.contains("error:140AB18E") + || msg.contains("SSL_CA_MD_TOO_WEAK") || (msg.contains("ca md too weak"))) + logError("OpenSSL reported a certificate with a weak hash, please see the in app FAQ about weak hashes."); + } + public static synchronized void updateByteCount(long in, long out) { TrafficHistory.LastDiff diff = trafficHistory.add(in, out); diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java index da652ef9..c51fc2cc 100644 --- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java +++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java @@ -55,6 +55,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable ClientAPI_Status status = connect(); if (status.getError()) { VpnStatus.logError(String.format("connect() error: %s: %s", status.getStatus(), status.getMessage())); + VpnStatus.checkWeakMD(status.getMessage()); } else { VpnStatus.updateStateString("NOPROCESS", "OpenVPN3 thread finished", R.string.state_noprocess, ConnectionStatus.LEVEL_NOTCONNECTED); } @@ -172,7 +173,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable config.setContent(vpnconfig); config.setTunPersist(mVp.mPersistTun); - config.setGuiVersion(mVp.getVersionEnvString(mService)); + config.setGuiVersion(VpnProfile.getVersionEnvString(mService)); config.setSsoMethods("openurl,webauth,crtext"); config.setPlatformVersion(mVp.getPlatformVersionEnvString()); config.setExternalPkiAlias("extpki"); 
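Review bot: `checkWeakMD` dereferences `msg` without a null check, and this commit also calls it with `status.getMessage()` in OpenVPNThreadv3, whose value after a failed `connect()` is not visible here and may be null. A guard such as `if (msg == null) return;` at the top of the method would stop a missing message from throwing inside the error path. The comment added to `logMessageOpenVPN` (`/* Check for the weak md whe we have a message from OpenVPN */`) describes a check that method does not perform, so it belongs on `checkWeakMD` as a Javadoc naming the matched strings, with the typo fixed. The matching is also case-sensitive, and a non-CA `md too weak` message is only caught by the clause that requires `startsWith("OpenSSL: error")`, so OpenVPN3 messages with a different prefix would probably not trigger the FAQ hint.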
@@ -305,6 +306,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable logmsg = logmsg.substring(0, logmsg.length() - 1); VpnStatus.logInfo(logmsg); + VpnStatus.checkWeakMD(logmsg); } @Override @@ -318,7 +320,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable } else { VpnStatus.logInfo(R.string.info_from_server, info); } - } else if (name.equals("COMPRESSION_ENABLED")) { + } else if (name.equals("COMPRESSION_ENABLED") || name.equals(("WARN"))) { VpnStatus.logInfo(String.format(Locale.US, "%s: %s", name, info)); } else { VpnStatus.updateStateString(name, info); -- cgit v1.2.3
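Review bot: In the `else if` of the event handler (hunk `@@ -318,7 +320,7 @@`), `name.equals(("WARN"))` carries a stray pair of parentheses, and `WARN` events are then written with `VpnStatus.logInfo`, the same level as `COMPRESSION_ENABLED`. Warnings from the OpenVPN3 core can be security-relevant, so they would be easier to spot in their own branch at a warning level, if VpnStatus offers one. The `info` text is presumably also worth passing to `VpnStatus.checkWeakMD(info)`, as the log callback in the hunk above now does. At minimum the condition should read `name.equals("COMPRESSION_ENABLED") || name.equals("WARN")`. The handler's body starts and ends outside the hunk.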