[network-manager-openvpn] add support for --tls-cipher option
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn] add support for --tls-cipher option
- Date: Wed, 18 May 2016 15:39:46 +0000 (UTC)
commit d7a84afe1d1948c7990a08b18913e65550c222a0
Author: Thomas Haller <thaller redhat com>
Date: Wed May 18 17:11:29 2016 +0200
add support for --tls-cipher option
Not exposed in the UI.
https://bugzilla.gnome.org/show_bug.cgi?id=763484
properties/import-export.c | 11 +++++++++++
shared/nm-service-defines.h | 1 +
shared/utils.h | 1 +
src/nm-openvpn-service.c | 7 +++++++
4 files changed, 20 insertions(+), 0 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index 885f940..f2b7440 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -1144,6 +1144,15 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
continue;
}
+ if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TLS_CIPHER)) {
+ if (!args_params_check_nargs_n (params, 1, &line_error))
+ goto handle_line_error;
+ if (!args_params_check_arg_utf8 (params, 1, NULL, &line_error))
+ goto handle_line_error;
+ setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TLS_CIPHER, params[1]);
+ continue;
+ }
+
if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_KEEPALIVE)) {
gint64 v2;
@@ -1745,6 +1754,8 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
args_write_line_setting_value (f, NMV_OVPN_TAG_CIPHER, s_vpn, NM_OPENVPN_KEY_CIPHER);
+ args_write_line_setting_value (f, NMV_OVPN_TAG_TLS_CIPHER, s_vpn, NM_OPENVPN_KEY_TLS_CIPHER);
+
args_write_line_setting_value_int (f, NMV_OVPN_TAG_KEYSIZE, s_vpn, NM_OPENVPN_KEY_KEYSIZE);
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO);
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 21f25b5..b204bdb 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -64,6 +64,7 @@
#define NM_OPENVPN_KEY_DEV "dev"
#define NM_OPENVPN_KEY_DEV_TYPE "dev-type"
#define NM_OPENVPN_KEY_TUN_IPV6 "tun-ipv6"
+#define NM_OPENVPN_KEY_TLS_CIPHER "tls-cipher"
#define NM_OPENVPN_KEY_TLS_REMOTE "tls-remote"
#define NM_OPENVPN_KEY_REMOTE_CERT_TLS "remote-cert-tls"
diff --git a/shared/utils.h b/shared/utils.h
index 76491a5..6370871 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -64,6 +64,7 @@
#define NMV_OVPN_TAG_SOCKS_PROXY_RETRY "socks-proxy-retry"
#define NMV_OVPN_TAG_SOCKS_PROXY "socks-proxy"
#define NMV_OVPN_TAG_TLS_AUTH "tls-auth"
+#define NMV_OVPN_TAG_TLS_CIPHER "tls-cipher"
#define NMV_OVPN_TAG_TLS_CLIENT "tls-client"
#define NMV_OVPN_TAG_TLS_REMOTE "tls-remote"
#define NMV_OVPN_TAG_TOPOLOGY "topology"
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 12c6de2..85dc0ba 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -134,6 +134,7 @@ static ValidProperty valid_properties[] = {
{ NM_OPENVPN_KEY_DEV, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_DEV_TYPE, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_TUN_IPV6, G_TYPE_STRING, 0, 0, FALSE },
+ { NM_OPENVPN_KEY_TLS_CIPHER, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_TLS_REMOTE, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_REMOTE_CERT_TLS, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_NS_CERT_TYPE, G_TYPE_STRING, 0, 0, FALSE },
@@ -1331,6 +1332,12 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
add_openvpn_arg (args, tmp);
}
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_CIPHER);
+ if (tmp && tmp[0]) {
+ add_openvpn_arg (args, "--tls-cipher");
+ add_openvpn_arg (args, tmp);
+ }
+
/* Keysize */
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEYSIZE);
if (tmp && strlen (tmp)) {
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
