[network-manager-openvpn] service: only set reneg-sec option in TLS mode



commit 7f9031dbaee3059ea072fb2497563aee6acf8da0
Author: Thomas Haller <thaller redhat com>
Date:   Wed May 27 10:47:49 2015 +0200

    service: only set reneg-sec option in TLS mode
    
    Fixes: 81149fd01897166cee5649d2da3801f2a5a45b5c
    
    https://bugzilla.gnome.org/show_bug.cgi?id=749050
    https://bugzilla.redhat.com/show_bug.cgi?id=1225218

 src/nm-openvpn-service.c |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 10bd37d..64ac1ff 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -732,6 +732,14 @@ validate_connection_type (const char *ctype)
        return NULL;
 }
 
+static gboolean
+connection_type_is_tls_mode (const char *connection_type)
+{
+       return strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0
+           || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) == 0
+           || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0;
+}
+
 static const char *
 nm_find_openvpn (void)
 {
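Review bot: `connection_type_is_tls_mode()` hands `connection_type` straight to `strcmp`, which is undefined for a NULL pointer. The context line above shows `validate_connection_type` can return NULL, and whether every caller has rejected that before reaching the helper is not visible in this diff. Using `g_strcmp0 (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0` (and likewise for the other two comparisons) would make the helper return FALSE instead. The helper would also benefit from a short comment explaining why the password type counts as TLS mode, for example `/* TRUE for the connection types that are started with --client, i.e. with a TLS key exchange. */`, assuming that matches the `--client` logic the second hunk's comment refers to.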
@@ -1104,7 +1112,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
 
        /* Reneg seconds */
        tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
-       if (tmp && strlen (tmp)) {
+       if (!connection_type_is_tls_mode (connection_type)) {
+               /* Ignore --reneg-sec option if we are not in TLS mode (as enabled
+                * by --client below). openvpn will error out otherwise, see bgo#749050. */
+       } else if (tmp && strlen (tmp)) {
                add_openvpn_arg (args, "--reneg-sec");
                if (!add_openvpn_arg_int (args, tmp)) {
                        g_set_error (error,
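Review bot: A configured `reneg-sec` value is now dropped silently in the first branch when the connection type is not a TLS one, so a user who set a renegotiation interval gets no hint that it has no effect. Logging inside that branch when `tmp` is non-empty, e.g. `g_warning ("Ignoring reneg-sec: not used for connection type '%s'", connection_type);`, would make the downgrade visible and give the otherwise empty `if` body a statement. If no logging is wanted, the empty branch could be folded into the condition as `if (tmp && strlen (tmp) && connection_type_is_tls_mode (connection_type))`, with the comment kept above it. The enclosing function starts and ends outside the hunk, so how `connection_type` is validated before this point cannot be confirmed here.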

