From 90ba71780c8ad851f0146e2176a9e40efe532e05 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Fri, 15 Oct 2021 01:31:14 +0200 Subject: Implement tls-cert-profile in profile and parser --- main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java | 3 +++ main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt | 3 +++ 2 files changed, 6 insertions(+) (limited to 'main/src/ui/java/de/blinkt/openvpn') diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java index 1e49f2e6..da652ef9 100644 --- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java +++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java @@ -3,6 +3,7 @@ package de.blinkt.openvpn.core; import android.annotation.SuppressLint; import android.content.Context; import android.provider.Settings; +import android.text.TextUtils; import net.openvpn.ovpn3.ClientAPI_Config; import net.openvpn.ovpn3.ClientAPI_EvalConfig; @@ -183,6 +184,8 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable boolean retryOnAuthFailed = mVp.mAuthRetry == AUTH_RETRY_NOINTERACT; config.setRetryOnAuthFailed(retryOnAuthFailed); config.setEnableLegacyAlgorithms(mVp.mUseLegacyProvider); + if (!TextUtils.isEmpty(mVp.mTlSCertProfile)) + config.setTlsCertProfileOverride(mVp.mTlSCertProfile); ClientAPI_EvalConfig ec = eval_config(config); if (ec.getExternalPki()) { diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt index 8756b5b0..2130cdef 100644 --- a/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt +++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Utils.kt @@ -302,6 +302,9 @@ object Utils { if (vp.mCompatMode > 0 ) warnings.add("compat mode enabled") + if ("insecure".equals(vp.mTlSCertProfile)) + warnings.add("low security (TLS security profile 'insecure' selected)"); + var cipher= vp.mCipher.toUpperCase(Locale.ROOT) if (cipher.isNullOrEmpty()) cipher = "BF-CBC"; -- cgit v1.2.3