From a5611ff5b14e15514c20a8f6e8143fa97f1f9bf5 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Thu, 16 Jan 2014 23:56:08 +0100
Subject: =?UTF-8?q?make=20configuring=20=E2=80=94static=20profiles=20a=20b?=
 =?UTF-8?q?it=20easier?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/de/blinkt/openvpn/VpnProfile.java | 59 ++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 29 deletions(-)

(limited to 'src/de/blinkt/openvpn/VpnProfile.java')

diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index 89e27c47..d580829d 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -344,35 +344,36 @@ public class VpnProfile implements Serializable {
 
 
         // Authentication
-        if (mCheckRemoteCN) {
-            if (mRemoteCN == null || mRemoteCN.equals(""))
-                cfg += "verify-x509-name " + mServerName + " name\n";
-            else
-                switch (mX509AuthType) {
-
-                    // 2.2 style x509 checks
-                    case X509_VERIFY_TLSREMOTE_COMPAT_NOREMAPPING:
-                        cfg += "compat-names no-remapping\n";
-                    case X509_VERIFY_TLSREMOTE:
-                        cfg += "tls-remote " + openVpnEscape(mRemoteCN) + "\n";
-                        break;
-
-                    case X509_VERIFY_TLSREMOTE_RDN:
-                        cfg += "verify-x509-name " + openVpnEscape(mRemoteCN) + " name\n";
-                        break;
-
-                    case X509_VERIFY_TLSREMOTE_RDN_PREFIX:
-                        cfg += "verify-x509-name " + openVpnEscape(mRemoteCN) + " name-prefix\n";
-                        break;
-
-                    case X509_VERIFY_TLSREMOTE_DN:
-                        cfg += "verify-x509-name " + openVpnEscape(mRemoteCN) + "\n";
-                        break;
-                }
+        if (mAuthenticationType != TYPE_STATICKEYS) {
+            if (mCheckRemoteCN) {
+                if (mRemoteCN == null || mRemoteCN.equals(""))
+                    cfg += "verify-x509-name " + mServerName + " name\n";
+                else
+                    switch (mX509AuthType) {
+
+                        // 2.2 style x509 checks
+                        case X509_VERIFY_TLSREMOTE_COMPAT_NOREMAPPING:
+                            cfg += "compat-names no-remapping\n";
+                        case X509_VERIFY_TLSREMOTE:
+                            cfg += "tls-remote " + openVpnEscape(mRemoteCN) + "\n";
+                            break;
+
+                        case X509_VERIFY_TLSREMOTE_RDN:
+                            cfg += "verify-x509-name " + openVpnEscape(mRemoteCN) + " name\n";
+                            break;
+
+                        case X509_VERIFY_TLSREMOTE_RDN_PREFIX:
+                            cfg += "verify-x509-name " + openVpnEscape(mRemoteCN) + " name-prefix\n";
+                            break;
+
+                        case X509_VERIFY_TLSREMOTE_DN:
+                            cfg += "verify-x509-name " + openVpnEscape(mRemoteCN) + "\n";
+                            break;
+                    }
+            }
+            if (mExpectTLSCert)
+                cfg += "remote-cert-tls server\n";
         }
-        if (mExpectTLSCert)
-            cfg += "remote-cert-tls server\n";
-
 
         if (nonNull(mCipher)) {
             cfg += "cipher " + mCipher + "\n";
@@ -676,7 +677,7 @@ public class VpnProfile implements Serializable {
                 return R.string.no_keystore_cert_selected;
         }
 
-        if (!mUsePull) {
+        if (!mUsePull || mAuthenticationType == TYPE_STATICKEYS) {
             if (mIPv4Address == null || cidrToIPAndNetmask(mIPv4Address) == null)
                 return R.string.ipv4_format_error;
         }
-- 
cgit v1.2.3