[network-manager-openvpn/bg/ns-cert-type-bgo719430: 2/2] service, properties: add support for --ns-cert-type option



commit 4bcc7339d58723fdc40491c4e19d9eadde9b7b71
Author: Beniamino Galvani <bgalvani redhat com>
Date:   Tue Mar 22 14:15:24 2016 +0100

    service,properties: add support for --ns-cert-type option
    
    Add support for the --ns-cert-type option, used to protect against
    man-in-the-middle attacks from other clients. Until now we silently
    ignored the option when importing openvpn configuration files, leaving
    users vulnerable to attacks.
    
    Note that the nsCertType field is obsolete and has been replaced by
    key usage and extended key usage standard fields [RFC 3280], however
    there are still VPNs using it for certificate validation.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=719430

 properties/auth-helpers.c           |   74 ++++++++++++++++++
 properties/import-export.c          |   21 +++++
 properties/nm-openvpn-dialog.ui     |  142 ++++++++++++++++++++++++++---------
 shared/nm-openvpn-service-defines.h |    5 +
 src/nm-openvpn-service.c            |    8 ++
 5 files changed, 213 insertions(+), 37 deletions(-)
---
diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index 8276bd3..d662199 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -899,6 +899,7 @@ static const char *advanced_keys[] = {
        NM_OPENVPN_KEY_REMOTE_RANDOM,
        NM_OPENVPN_KEY_TUN_IPV6,
        NM_OPENVPN_KEY_REMOTE_CERT_TLS,
+       NM_OPENVPN_KEY_NS_CERT_TYPE,
        NM_OPENVPN_KEY_PING,
        NM_OPENVPN_KEY_PING_EXIT,
        NM_OPENVPN_KEY_PING_RESTART,
@@ -1210,6 +1211,53 @@ tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
        gtk_widget_set_sensitive (widget, use_auth);
 }
 
+static void
+ns_cert_type_toggled_cb (GtkWidget *widget, gpointer user_data)
+{
+       GtkBuilder *builder = (GtkBuilder *) user_data;
+       gboolean use_ns_cert_type = FALSE;
+
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, "ns_cert_type_checkbutton"));
+       use_ns_cert_type = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget));
+
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, "ns_cert_type_label"));
+       gtk_widget_set_sensitive (widget, use_ns_cert_type);
+
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, "ns_cert_type_combo"));
+       gtk_widget_set_sensitive (widget, use_ns_cert_type);
+}
+
+#define NS_CERT_TYPE_COL_NAME 0
+#define NS_CERT_TYPE_COL_VALUE 1
+
+static void
+populate_ns_cert_type_combo (GtkComboBox *box, const char *type)
+{
+       GtkListStore *store;
+       GtkTreeIter iter;
+
+       store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING);
+       gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));
+
+       gtk_list_store_append (store, &iter);
+       gtk_list_store_set (store, &iter,
+                           NS_CERT_TYPE_COL_NAME, _("Server"),
+                           NS_CERT_TYPE_COL_VALUE, NM_OPENVPN_NS_CERT_TYPE_SERVER,
+                           -1);
+       gtk_list_store_append (store, &iter);
+       gtk_list_store_set (store, &iter,
+                           NS_CERT_TYPE_COL_NAME, _("Client"),
+                           NS_CERT_TYPE_COL_VALUE, NM_OPENVPN_NS_CERT_TYPE_CLIENT,
+                           -1);
+
+       if (g_strcmp0 (type, NM_OPENVPN_NS_CERT_TYPE_CLIENT) == 0)
+               gtk_combo_box_set_active (box, 1);
+       else
+               gtk_combo_box_set_active (box, 0);
+
+       g_object_unref (store);
+}
+
 #define PROXY_TYPE_NONE  0
 #define PROXY_TYPE_HTTP  1
 #define PROXY_TYPE_SOCKS 2
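Review bot: populate_ns_cert_type_combo selects row 0 ("Server") for every `type` that is not exactly NM_OPENVPN_NS_CERT_TYPE_CLIENT, so NULL and an unrecognised stored string are treated alike. advanced_dialog_new (the @@ -1713 hunk) ticks ns_cert_type_checkbutton for any non-empty value, so a connection carrying some other string would be shown as "Server" and saved back as that. If this normalisation is intended, a comment above the `if` such as `/* NULL or any value other than "client" falls back to "Server" */` would make it explicit. The two column `#define`s would also read better as an anonymous enum next to the store creation.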
@@ -1713,6 +1761,17 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
        value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_REMOTE_CERT_TLS);
        populate_remote_cert_tls_combo (GTK_COMBO_BOX (widget), value);
 
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, "ns_cert_type_checkbutton"));
+       value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_NS_CERT_TYPE);
+       if (value && strlen (value))
+               gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
+       g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (ns_cert_type_toggled_cb), builder);
+       ns_cert_type_toggled_cb (widget, builder);
+
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, "ns_cert_type_combo"));
+       value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_NS_CERT_TYPE);
+       populate_ns_cert_type_combo (GTK_COMBO_BOX (widget), value);
+
        if (   !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
            || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
            || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
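Review bot: The second `g_hash_table_lookup (hash, NM_OPENVPN_KEY_NS_CERT_TYPE)` before populate_ns_cert_type_combo repeats the lookup made for the checkbutton a few lines earlier. Nothing in between assigns `value`, so that line can be dropped and the existing `value` passed on. advanced_dialog_new starts and ends outside this hunk.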
@@ -2052,6 +2111,21 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
                        }
                }
 
+               widget = GTK_WIDGET (gtk_builder_get_object (builder, "ns_cert_type_checkbutton"));
+               if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
+                       widget = GTK_WIDGET (gtk_builder_get_object (builder, "ns_cert_type_combo"));
+                       model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+                       if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
+                               char *type = NULL;
+
+                               gtk_tree_model_get (model, &iter, NS_CERT_TYPE_COL_VALUE, &type, -1);
+                               if (type)
+                                       g_hash_table_insert (hash,
+                                                            g_strdup (NM_OPENVPN_KEY_NS_CERT_TYPE),
+                                                            type);
+                       }
+               }
+
                widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_checkbutton"));
                if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
                        char *filename;
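Review bot: The ownership of `type` is not documented: gtk_tree_model_get returns a newly allocated copy of a G_TYPE_STRING column, and that copy is handed straight to g_hash_table_insert. This is leak-free only if `hash` was created with a value destroy function, which happens outside this hunk; the g_strdup'd key suggests it was. A one-line comment above the insert, such as `/* hash takes ownership of type */`, would record that for the next reader. advanced_dialog_new_hash_from_dialog starts and ends outside the hunk.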
diff --git a/properties/import-export.c b/properties/import-export.c
index d037d3a..79a1008 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -67,6 +67,7 @@
 #define TAG_KEY                         "key"
 #define TAG_KEYSIZE                     "keysize"
 #define TAG_MSSFIX                      "mssfix"
+#define TAG_NS_CERT_TYPE                "ns-cert-type"
 #define TAG_PING_EXIT                   "ping-exit"
 #define TAG_PING                        "ping"
 #define TAG_PING_RESTART                "ping-restart"
@@ -895,6 +896,18 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
                        continue;
                }
 
+               if (NM_IN_STRSET (params[0], TAG_NS_CERT_TYPE)) {
+                       if (!args_params_check_nargs_n (params, 1, &line_error))
+                               goto handle_line_error;
+                       if (NM_IN_STRSET (params[1], "client", "server"))
+                               setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_NS_CERT_TYPE, params[1]);
+                       else {
+                               line_error = args_params_error_message_invalid_arg (params, 1);
+                               goto handle_line_error;
+                       }
+                       continue;
+               }
+
                if (NM_IN_STRSET (params[0], TAG_TUN_MTU)) {
                        if (!args_params_check_nargs_n (params, 1, &line_error))
                                goto handle_line_error;
@@ -1513,6 +1526,7 @@ do_export (const char *path, NMConnection *connection, GError **error)
        const char *remote_ip = NULL;
        const char *tls_remote = NULL;
        const char *remote_cert_tls = NULL;
+       const char *ns_cert_type = NULL;
        gs_free char *tls_auth = NULL;
        const char *tls_auth_dir = NULL;
        gs_free char *device = NULL;
@@ -1678,6 +1692,10 @@ do_export (const char *path, NMConnection *connection, GError **error)
        if (value && strlen (value))
                remote_cert_tls = value;
 
+       value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_NS_CERT_TYPE);
+       if (value && strlen (value))
+               ns_cert_type = value;
+
        value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_RANDOM);
        if (value && !strcmp (value, "yes"))
                randomize_hosts = TRUE;
@@ -1813,6 +1831,9 @@ do_export (const char *path, NMConnection *connection, GError **error)
                }
        }
 
+       if (ns_cert_type)
+               fprintf (f, "ns-cert-type %s\n", ns_cert_type);
+
        /* Proxy stuff */
        proxy_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE);
        if (proxy_type && strlen (proxy_type)) {
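Review bot: do_export writes the stored NM_OPENVPN_KEY_NS_CERT_TYPE value with `fprintf (f, "ns-cert-type %s\n", ns_cert_type)` after checking only that it is non-empty (the @@ -1678 hunk), whereas do_import accepts only "client" and "server". A connection whose data item was set some other way could therefore export an invalid directive, or one containing whitespace or a line break that openvpn would read as further options. Restricting the assignment in the earlier hunk, e.g. `if (value && NM_IN_STRSET (value, NM_OPENVPN_NS_CERT_TYPE_CLIENT, NM_OPENVPN_NS_CERT_TYPE_SERVER))`, keeps export symmetric with import. do_export starts and ends outside both hunks.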
diff --git a/properties/nm-openvpn-dialog.ui b/properties/nm-openvpn-dialog.ui
index 4c4ce15..a58cf60 100644
--- a/properties/nm-openvpn-dialog.ui
+++ b/properties/nm-openvpn-dialog.ui
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Generated with glade 3.18.3 -->
+<!-- Generated with glade 3.19.0 -->
 <interface>
   <requires lib="gtk+" version="3.4"/>
   <object class="GtkAdjustment" id="adjustment1">
@@ -93,9 +93,9 @@
           <object class="GtkLabel" id="label22">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="xalign">0</property>
             <property name="label" translatable="yes">&lt;b&gt;General&lt;/b&gt;</property>
             <property name="use_markup">True</property>
+            <property name="xalign">0</property>
           </object>
           <packing>
             <property name="expand">False</property>
@@ -118,10 +118,10 @@
                   <object class="GtkLabel" id="label23">
                     <property name="visible">True</property>
                     <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
                     <property name="label" translatable="yes">_Gateway:</property>
                     <property name="use_underline">True</property>
                     <property name="mnemonic_widget">gateway_entry</property>
+                    <property name="xalign">0</property>
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
@@ -175,9 +175,9 @@ config: remote</property>
           <object class="GtkLabel" id="label25">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="xalign">0</property>
             <property name="label" translatable="yes">&lt;b&gt;Authentication&lt;/b&gt;</property>
             <property name="use_markup">True</property>
+            <property name="xalign">0</property>
           </object>
           <packing>
             <property name="expand">False</property>
@@ -248,8 +248,8 @@ config: remote</property>
                           <object class="GtkLabel" id="label29">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Private Key Password:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -281,8 +281,8 @@ config: key</property>
                           <object class="GtkLabel" id="label4">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Private Key:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -313,8 +313,8 @@ config: ca</property>
                           <object class="GtkLabel" id="label2">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">CA Certificate:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -325,8 +325,8 @@ config: ca</property>
                           <object class="GtkLabel" id="label3">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">User Certificate:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -417,8 +417,8 @@ config: ca</property>
                           <object class="GtkLabel" id="label27">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Password:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -429,8 +429,8 @@ config: ca</property>
                           <object class="GtkLabel" id="label7">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">CA Certificate:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -441,8 +441,8 @@ config: ca</property>
                           <object class="GtkLabel" id="label5">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">User name:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -518,8 +518,8 @@ config: auth-user-pass</property>
                           <object class="GtkLabel" id="label30">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Private Key Password:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -550,8 +550,8 @@ config: key</property>
                           <object class="GtkLabel" id="label9">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Private Key:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -562,8 +562,8 @@ config: key</property>
                           <object class="GtkLabel" id="label28">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Password:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -636,8 +636,8 @@ config: ca</property>
                           <object class="GtkLabel" id="label8">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">User Certificate:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -648,8 +648,8 @@ config: ca</property>
                           <object class="GtkLabel" id="label6">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">CA Certificate:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -660,8 +660,8 @@ config: ca</property>
                           <object class="GtkLabel" id="label10">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">User name:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -736,9 +736,9 @@ config: ifconfig &lt;l&gt; &lt;rn&gt;</property>
                           <object class="GtkLabel" id="label31">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Remote IP Address:</property>
                             <property name="justify">right</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -749,9 +749,9 @@ config: ifconfig &lt;l&gt; &lt;rn&gt;</property>
                           <object class="GtkLabel" id="label20">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Local IP Address:</property>
                             <property name="justify">right</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -782,8 +782,8 @@ config: ifconfig &lt;l&gt; &lt;rn&gt;</property>
                           <object class="GtkLabel" id="label12">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Key Direction:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -794,8 +794,8 @@ config: ifconfig &lt;l&gt; &lt;rn&gt;</property>
                           <object class="GtkLabel" id="label11">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">Static Key:</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -881,8 +881,8 @@ config: static &lt;file&gt; [direction]</property>
                   <object class="GtkLabel" id="label26">
                     <property name="visible">True</property>
                     <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
                     <property name="label" translatable="yes">Type:</property>
+                    <property name="xalign">0</property>
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
@@ -1305,10 +1305,10 @@ config: dev-type tun | tap</property>
                       <object class="GtkLabel" id="label35">
                         <property name="visible">True</property>
                         <property name="can_focus">False</property>
-                        <property name="xalign">0</property>
                         <property name="label" translatable="yes"> and _name:</property>
                         <property name="use_underline">True</property>
                         <property name="mnemonic_widget">dev_entry</property>
+                        <property name="xalign">0</property>
                       </object>
                       <packing>
                         <property name="expand">False</property>
@@ -1729,11 +1729,11 @@ config: auth</property>
                       <object class="GtkLabel" id="label19">
                         <property name="visible">True</property>
                         <property name="can_focus">False</property>
-                        <property name="xalign">1</property>
                         <property name="label" translatable="yes">Ci_pher:</property>
                         <property name="use_underline">True</property>
                         <property name="justify">right</property>
                         <property name="mnemonic_widget">cipher_combo</property>
+                        <property name="xalign">1</property>
                       </object>
                       <packing>
                         <property name="left_attach">0</property>
@@ -1744,11 +1744,11 @@ config: auth</property>
                       <object class="GtkLabel" id="label24">
                         <property name="visible">True</property>
                         <property name="can_focus">False</property>
-                        <property name="xalign">1</property>
                         <property name="label" translatable="yes">_HMAC Authentication:</property>
                         <property name="use_underline">True</property>
                         <property name="justify">right</property>
                         <property name="mnemonic_widget">hmacauth_combo</property>
+                        <property name="xalign">1</property>
                       </object>
                       <packing>
                         <property name="left_attach">0</property>
@@ -1797,10 +1797,10 @@ config: auth</property>
                           <object class="GtkLabel" id="tls_remote_label">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">_Subject Match:</property>
                             <property name="use_underline">True</property>
                             <property name="mnemonic_widget">tls_remote_entry</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -1818,12 +1818,12 @@ config: auth</property>
                                 <property name="visible">True</property>
                                 <property name="can_focus">False</property>
                                 <property name="valign">start</property>
-                                <property name="xalign">0</property>
                                 <property name="label" translatable="yes">&lt;i&gt;Connect only to servers 
whose certificate matches the given subject.
 Example: /CN=myvpn.company.com&lt;/i&gt;</property>
                                 <property name="use_markup">True</property>
                                 <property name="wrap">True</property>
                                 <property name="width_chars">30</property>
+                                <property name="xalign">0</property>
                               </object>
                             </child>
                           </object>
@@ -1883,10 +1883,10 @@ config: tls-remote</property>
                           <object class="GtkLabel" id="remote_cert_tls_label">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
-                            <property name="xalign">0</property>
                             <property name="label" translatable="yes">_Remote peer certificate TLS 
type:</property>
                             <property name="use_underline">True</property>
                             <property name="mnemonic_widget">remote_cert_tls_combo</property>
+                            <property name="xalign">0</property>
                           </object>
                           <packing>
                             <property name="left_attach">0</property>
@@ -1921,6 +1921,74 @@ config: remote-cert-tls client|server</property>
                       </packing>
                     </child>
                     <child>
+                      <object class="GtkGrid" id="table13">
+                        <property name="visible">True</property>
+                        <property name="can_focus">False</property>
+                        <property name="valign">start</property>
+                        <property name="row_spacing">3</property>
+                        <property name="column_spacing">12</property>
+                        <child>
+                          <object class="GtkCheckButton" id="ns_cert_type_checkbutton">
+                            <property name="label" translatable="yes">_Verify peer (server) certificate 
nsCertType designation</property>
+                            <property name="use_action_appearance">False</property>
+                            <property name="visible">True</property>
+                            <property name="can_focus">True</property>
+                            <property name="receives_default">False</property>
+                            <property name="tooltip_text" translatable="yes">Require that peer certificate 
was signed with an explicit nsCertType designation.</property>
+                            <property name="halign">baseline</property>
+                            <property name="valign">start</property>
+                            <property name="use_underline">True</property>
+                            <property name="xalign">0</property>
+                            <property name="draw_indicator">True</property>
+                          </object>
+                          <packing>
+                            <property name="left_attach">0</property>
+                            <property name="top_attach">0</property>
+                            <property name="width">2</property>
+                          </packing>
+                        </child>
+                        <child>
+                          <object class="GtkLabel" id="ns_cert_type_label">
+                            <property name="visible">True</property>
+                            <property name="can_focus">False</property>
+                            <property name="label" translatable="yes">_Remote peer certificate nsCert 
designation:</property>
+                            <property name="use_underline">True</property>
+                            <property name="mnemonic_widget">remote_cert_tls_combo</property>
+                            <property name="xalign">0</property>
+                          </object>
+                          <packing>
+                            <property name="left_attach">0</property>
+                            <property name="top_attach">1</property>
+                          </packing>
+                        </child>
+                        <child>
+                          <object class="GtkComboBox" id="ns_cert_type_combo">
+                            <property name="visible">True</property>
+                            <property name="can_focus">False</property>
+                            <property name="tooltip_text" translatable="yes">Require that peer certificate 
was signed with an explicit nsCertType designation.
+config: ns-cert-type client|server</property>
+                            <property name="model">model7</property>
+                            <child>
+                              <object class="GtkCellRendererText" id="renderer7"/>
+                              <attributes>
+                                <attribute name="text">0</attribute>
+                              </attributes>
+                            </child>
+                          </object>
+                          <packing>
+                            <property name="left_attach">1</property>
+                            <property name="top_attach">1</property>
+                          </packing>
+                        </child>
+                      </object>
+                      <packing>
+                        <property name="expand">True</property>
+                        <property name="fill">True</property>
+                        <property name="padding">6</property>
+                        <property name="position">2</property>
+                      </packing>
+                    </child>
+                    <child>
                       <object class="GtkGrid" id="table7">
                         <property name="visible">True</property>
                         <property name="can_focus">False</property>
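Review bot: ns_cert_type_label sets `mnemonic_widget` to `remote_cert_tls_combo`, so its mnemonic moves focus to the combo of the previous option rather than the one it labels; it should read `<property name="mnemonic_widget">ns_cert_type_combo</property>`. Its label also starts with `_Remote`, the same mnemonic letter as remote_cert_tls_label visible in the @@ -1883 hunk, so the two would compete for the same key. The `model7` referenced by ns_cert_type_combo is not defined in the visible hunks, and populate_ns_cert_type_combo replaces the model at run time, so that property looks unnecessary.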
@@ -1956,10 +2024,10 @@ config: remote-cert-tls client|server</property>
                               <object class="GtkLabel" id="direction_label">
                                 <property name="visible">True</property>
                                 <property name="can_focus">False</property>
-                                <property name="xalign">0</property>
                                 <property name="label" translatable="yes">Key _Direction:</property>
                                 <property name="use_underline">True</property>
                                 <property name="mnemonic_widget">direction_combo</property>
+                                <property name="xalign">0</property>
                               </object>
                               <packing>
                                 <property name="left_attach">0</property>
@@ -2003,10 +2071,10 @@ config: tls-auth &lt;file&gt; [direction]</property>
                               <object class="GtkLabel" id="tls_auth_label">
                                 <property name="visible">True</property>
                                 <property name="can_focus">False</property>
-                                <property name="xalign">0</property>
                                 <property name="label" translatable="yes">Key _File:</property>
                                 <property name="use_underline">True</property>
                                 <property name="mnemonic_widget">tls_auth_chooser</property>
+                                <property name="xalign">0</property>
                               </object>
                               <packing>
                                 <property name="left_attach">0</property>
@@ -2023,7 +2091,7 @@ config: tls-auth &lt;file&gt; [direction]</property>
                       <packing>
                         <property name="expand">True</property>
                         <property name="fill">True</property>
-                        <property name="position">2</property>
+                        <property name="position">3</property>
                       </packing>
                     </child>
                   </object>
@@ -2085,11 +2153,11 @@ config: http-proxy or socks-proxy</property>
                       <object class="GtkLabel" id="label34">
                         <property name="visible">True</property>
                         <property name="can_focus">False</property>
-                        <property name="xalign">1</property>
                         <property name="label" translatable="yes">Proxy _Type:</property>
                         <property name="use_underline">True</property>
                         <property name="justify">right</property>
                         <property name="mnemonic_widget">proxy_type_combo</property>
+                        <property name="xalign">1</property>
                       </object>
                       <packing>
                         <property name="left_attach">0</property>
@@ -2101,11 +2169,11 @@ config: http-proxy or socks-proxy</property>
                         <property name="visible">True</property>
                         <property name="can_focus">False</property>
                         <property name="valign">start</property>
-                        <property name="xalign">0</property>
                         <property name="label" translatable="yes">&lt;i&gt;Select this option if your 
organization requires the use of a proxy server to access the Internet.&lt;/i&gt;</property>
                         <property name="use_markup">True</property>
                         <property name="wrap">True</property>
                         <property name="width_chars">35</property>
+                        <property name="xalign">0</property>
                       </object>
                       <packing>
                         <property name="left_attach">1</property>
@@ -2116,10 +2184,10 @@ config: http-proxy or socks-proxy</property>
                       <object class="GtkLabel" id="proxy_server_label">
                         <property name="visible">True</property>
                         <property name="can_focus">False</property>
-                        <property name="xalign">1</property>
                         <property name="label" translatable="yes">Server _Address:</property>
                         <property name="use_underline">True</property>
                         <property name="mnemonic_widget">proxy_server_entry</property>
+                        <property name="xalign">1</property>
                       </object>
                       <packing>
                         <property name="left_attach">0</property>
@@ -2154,11 +2222,11 @@ config: http-proxy or socks-proxy</property>
                               <object class="GtkLabel" id="proxy_port_label">
                                 <property name="visible">True</property>
                                 <property name="can_focus">False</property>
-                                <property name="xalign">1</property>
                                 <property name="label" translatable="yes">_Port:</property>
                                 <property name="use_underline">True</property>
                                 <property name="justify">right</property>
                                 <property name="mnemonic_widget">proxy_port_spinbutton</property>
+                                <property name="xalign">1</property>
                               </object>
                               <packing>
                                 <property name="expand">True</property>
@@ -2214,11 +2282,11 @@ config: http-proxy-retry or socks-proxy-retry</property>
                       <object class="GtkLabel" id="proxy_username_label">
                         <property name="visible">True</property>
                         <property name="can_focus">False</property>
-                        <property name="xalign">1</property>
                         <property name="label" translatable="yes">Proxy _Username:</property>
                         <property name="use_underline">True</property>
                         <property name="justify">right</property>
                         <property name="mnemonic_widget">proxy_username_entry</property>
+                        <property name="xalign">1</property>
                       </object>
                       <packing>
                         <property name="left_attach">0</property>
@@ -2229,11 +2297,11 @@ config: http-proxy-retry or socks-proxy-retry</property>
                       <object class="GtkLabel" id="proxy_password_label">
                         <property name="visible">True</property>
                         <property name="can_focus">False</property>
-                        <property name="xalign">1</property>
                         <property name="label" translatable="yes">Proxy Passwor_d:</property>
                         <property name="use_underline">True</property>
                         <property name="justify">right</property>
                         <property name="mnemonic_widget">proxy_password_entry</property>
+                        <property name="xalign">1</property>
                       </object>
                       <packing>
                         <property name="left_attach">0</property>
diff --git a/shared/nm-openvpn-service-defines.h b/shared/nm-openvpn-service-defines.h
index fd59dfe..825e3c7 100644
--- a/shared/nm-openvpn-service-defines.h
+++ b/shared/nm-openvpn-service-defines.h
@@ -41,6 +41,7 @@
 #define NM_OPENVPN_KEY_KEY "key"
 #define NM_OPENVPN_KEY_LOCAL_IP "local-ip" /* ??? */
 #define NM_OPENVPN_KEY_MSSFIX "mssfix"
+#define NM_OPENVPN_KEY_NS_CERT_TYPE "ns-cert-type"
 #define NM_OPENVPN_KEY_PING "ping"
 #define NM_OPENVPN_KEY_PING_EXIT "ping-exit"
 #define NM_OPENVPN_KEY_PING_RESTART "ping-restart"
@@ -96,6 +97,10 @@
 #define NM_OPENVPN_REM_CERT_TLS_CLIENT "client"
 #define NM_OPENVPN_REM_CERT_TLS_SERVER "server"
 
+/* arguments of "--ns-cert-type" */
+#define NM_OPENVPN_NS_CERT_TYPE_CLIENT "client"
+#define NM_OPENVPN_NS_CERT_TYPE_SERVER "server"
+
 /* User name and group to run nm-openvpn-service under */
 #define NM_OPENVPN_USER   "nm-openvpn"
 #define NM_OPENVPN_GROUP  "nm-openvpn"
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index e467755..a35a3eb 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -141,6 +141,7 @@ static ValidProperty valid_properties[] = {
        { NM_OPENVPN_KEY_TUN_IPV6,             G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_TLS_REMOTE,           G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_REMOTE_CERT_TLS,      G_TYPE_STRING, 0, 0, FALSE },
+       { NM_OPENVPN_KEY_NS_CERT_TYPE,         G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_TUNNEL_MTU,           G_TYPE_INT, 0, G_MAXINT, FALSE },
        { NM_OPENVPN_KEY_USERNAME,             G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_PASSWORD"-flags",     G_TYPE_STRING, 0, 0, FALSE },
@@ -1380,6 +1381,13 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
                 add_openvpn_arg (args, tmp);
        }
 
+       /* ns-cert-type */
+       tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_NS_CERT_TYPE);
+       if (tmp && tmp[0]) {
+                add_openvpn_arg (args, "--ns-cert-type");
+                add_openvpn_arg (args, tmp);
+       }
+
        /* Reneg seconds */
        tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
        if (!connection_type_is_tls_mode (connection_type)) {
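Review bot: The value read for NM_OPENVPN_KEY_NS_CERT_TYPE is appended to the openvpn command line as-is. The only test in the added block is `tmp && tmp[0]`, and the matching valid_properties entry added by this commit is a plain G_TYPE_STRING, which, judging from the entry alone, does not restrict the value. Since the commit defines exactly two accepted arguments, I would compare against them before adding the option: `if (tmp && (!strcmp (tmp, NM_OPENVPN_NS_CERT_TYPE_CLIENT) || !strcmp (tmp, NM_OPENVPN_NS_CERT_TYPE_SERVER))) {`. Any other non-empty value should probably fail the connection attempt rather than be dropped, because silently skipping the option would remove the peer-certificate check the user configured. nm_openvpn_start_openvpn_binary starts and ends outside this hunk, so how it reports errors is not visible here.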


