[network-manager-openvpn/nm-1-0] service: only set reneg-sec option in TLS mode

[Thomas Haller <thaller src gnome org>]

commit 0fd197dc4221708dd37ee256952e8d080356676e
Author: Thomas Haller <thaller redhat com>
Date:   Wed May 27 10:47:49 2015 +0200

    service: only set reneg-sec option in TLS mode
    
    Fixes: bfc4464c9b6d7a00be013eee9a4132a1f9c6fbb9
    
    https://bugzilla.gnome.org/show_bug.cgi?id=749050
    https://bugzilla.redhat.com/show_bug.cgi?id=1225218
    
    (cherry picked from commit 7f9031dbaee3059ea072fb2497563aee6acf8da0)

 src/nm-openvpn-service.c |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 7cb9438..0a4d5bf 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -733,6 +733,14 @@ validate_connection_type (const char *ctype)
        return NULL;
 }
 
+static gboolean
+connection_type_is_tls_mode (const char *connection_type)
+{
+       return strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0
+           || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) == 0
+           || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0;
+}
+
 static const char *
 nm_find_openvpn (void)
 {
@@ -1108,7 +1116,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
 
        /* Reneg seconds */
        tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
-       if (tmp && strlen (tmp)) {
+       if (!connection_type_is_tls_mode (connection_type)) {
+               /* Ignore --reneg-sec option if we are not in TLS mode (as enabled
+                * by --client below). openvpn will error out otherwise, see bgo#749050. */
+       } else if (tmp && strlen (tmp)) {
                add_openvpn_arg (args, "--reneg-sec");
                if (!add_openvpn_arg_int (args, tmp)) {
                        g_set_error (error,