[network-manager-openvpn/nm-1-0] core: use a default renegotiation interval of zero (rh #969433)



commit bfc4464c9b6d7a00be013eee9a4132a1f9c6fbb9
Author: Dan Williams <dcbw redhat com>
Date:   Wed Apr 8 09:37:56 2015 -0500

    core: use a default renegotiation interval of zero (rh #969433)
    
    Since the client and server do not negotiate options, each side gets
    to specify its own --reneg-sec to control when each side renegotiates.
    OpenVPN defaults to 3600, so if the client and server don't agree this
    causes too-frequent renegotiations.
    
    This is worse with two-factor authentication, because it can mean that
    the client requests a password/PIN from the user much more often than
    the server actually wants.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=969433
    (cherry picked from commit 81149fd01897166cee5649d2da3801f2a5a45b5c)

 src/nm-openvpn-service.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 16d42fe..7cb9438 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -1119,6 +1119,14 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
                        free_openvpn_args (args);
                        return FALSE;
                }
+       } else {
+               /* Either the server and client must agree on the renegotiation
+                * interval, or it should be disabled on one side to prevent
+                * too-frequent renegotiations, which make two-factor auth quite
+                * painful.
+                */
+               add_openvpn_arg (args, "--reneg-sec");
+               add_openvpn_arg (args, "0");
        }
 
        if (debug) {
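
Review bot: the comment in the new else branch says renegotiation "should be disabled on one side" but does not record the consequence of choosing the client side. With "--reneg-sec" "0" as the client default, time-based rekeying of the session depends entirely on the server's own --reneg-sec, and if the server is also configured with 0 the keys are never renegotiated on a timer. Suggest extending the comment to state that dependency, and to note that this default applies only when the else branch is taken, so a reader can see how to get a client-side interval back.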

