[network-manager-openvpn/bg/tls-crypt: 2/4] openvpn: Add support for tls-crypt
- From: Beniamino Galvani <bgalvani src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn/bg/tls-crypt: 2/4] openvpn: Add support for tls-crypt
- Date: Thu, 11 May 2017 15:24:34 +0000 (UTC)
commit fa4438209d35fdf008bb2bf253ef928d134ce64c
Author: Pau Espin Pedrol <pespin shar gmail com>
Date: Sun Jan 29 04:15:10 2017 +0100
openvpn: Add support for tls-crypt
Signed-off-by: Pau Espin Pedrol <pespin shar gmail com>
properties/import-export.c | 18 +++++++++++-------
shared/utils.h | 1 +
src/nm-openvpn-service.c | 15 +++++++++------
3 files changed, 21 insertions(+), 13 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index 54ff342..c5cae86 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -44,6 +44,7 @@
#define INLINE_BLOB_PKCS12 "pkcs12"
#define INLINE_BLOB_SECRET "secret"
#define INLINE_BLOB_TLS_AUTH "tls-auth"
+#define INLINE_BLOB_TLS_CRYPT "tls-crypt"
const char *_nmovpn_test_temp_path = NULL;
@@ -1155,7 +1156,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
NMV_OVPN_TAG_CERT,
NMV_OVPN_TAG_KEY,
NMV_OVPN_TAG_SECRET,
- NMV_OVPN_TAG_TLS_AUTH)) {
+ NMV_OVPN_TAG_TLS_AUTH,
+ NMV_OVPN_TAG_TLS_CRYPT)) {
const char *file;
gs_free char *file_free = NULL;
gboolean can_have_direction;
@@ -1196,7 +1198,7 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (s_direction)
setting_vpn_add_data_item (s_vpn,
NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, s_direction);
have_sk = TRUE;
- } else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TLS_AUTH)) {
+ } else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TLS_AUTH, NMV_OVPN_TAG_TLS_CRYPT)) {
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_TA, file);
if (s_direction)
setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR, s_direction);
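Review bot: Importing `tls-crypt` into the same `NM_OPENVPN_KEY_TA` item as `tls-auth` discards which directive the profile used; the export hunk in do_export_create and the `/* TA */` hunk in nm_openvpn_start_openvpn_binary then reconstruct it only from whether `NM_OPENVPN_KEY_TA_DIR` is set. OpenVPN's `tls-auth` direction argument is optional, so an imported or already saved `tls-auth ta.key` profile with no direction would be exported as `tls-crypt` and started with `--tls-crypt`; the same applies to an inline `<tls-auth>` blob with no key-direction. Conversely, if `s_direction` can be non-NULL for a `tls-crypt` line (the `can_have_direction` handling is outside this hunk), this branch stores a direction and the profile would later run as `--tls-auth`, which authenticates the control channel but does not encrypt it. Recording the directive explicitly in a data item of its own, and guarding the direction with `if (s_direction && nm_streq (params[0], NMV_OVPN_TAG_TLS_AUTH))`, would remove both ambiguities.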
@@ -1403,7 +1405,9 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
else if (nm_streq (token, INLINE_BLOB_PKCS12)) {
is_base64 = TRUE;
key = NULL;
- } else if (nm_streq (token, INLINE_BLOB_TLS_AUTH)) {
+ } else if (nm_streq (token, INLINE_BLOB_TLS_CRYPT))
+ key = NM_OPENVPN_KEY_TA;
+ else if (nm_streq (token, INLINE_BLOB_TLS_AUTH)) {
key = NM_OPENVPN_KEY_TA;
can_have_direction = TRUE;
} else if (nm_streq (token, INLINE_BLOB_SECRET)) {
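Review bot: The new `INLINE_BLOB_TLS_CRYPT` arm is the only unbraced one among the arms visible in this hunk and follows directly after a closing `}`, so it is easy to misread where the chain continues. Bracing it and adding a short comment would keep the chain uniform and make it explicit that `can_have_direction` is deliberately left unset: `} else if (nm_streq (token, INLINE_BLOB_TLS_CRYPT)) {` followed by `/* tls-crypt takes no key-direction */` and `key = NM_OPENVPN_KEY_TA;`. The if/else chain starts and ends outside the hunk, so whether `can_have_direction` is reset for each blob cannot be confirmed from here.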
@@ -1959,11 +1963,12 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
ta_key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
if (_arg_is_set (ta_key)) {
gs_free char *s_free = NULL;
-
+ const char *ta_dir = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
+ const char *tls_type = _arg_is_set (ta_dir) ? NMV_OVPN_TAG_TLS_AUTH :
NMV_OVPN_TAG_TLS_CRYPT;
args_write_line (f,
- NMV_OVPN_TAG_TLS_AUTH,
+ tls_type,
nmv_utils_str_utf8safe_unescape_c (ta_key, &s_free),
- _arg_is_set (nm_setting_vpn_get_data_item (s_vpn,
NM_OPENVPN_KEY_TA_DIR)));
+ _arg_is_set (ta_dir));
}
}
@@ -2104,4 +2109,3 @@ do_export (const char *path, NMConnection *connection, GError **error)
return TRUE;
}
-
diff --git a/shared/utils.h b/shared/utils.h
index 61b35b6..05b8076 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -67,6 +67,7 @@
#define NMV_OVPN_TAG_TLS_AUTH "tls-auth"
#define NMV_OVPN_TAG_TLS_CIPHER "tls-cipher"
#define NMV_OVPN_TAG_TLS_CLIENT "tls-client"
+#define NMV_OVPN_TAG_TLS_CRYPT "tls-crypt"
#define NMV_OVPN_TAG_TLS_REMOTE "tls-remote"
#define NMV_OVPN_TAG_TOPOLOGY "topology"
#define NMV_OVPN_TAG_TUN_IPV6 "tun-ipv6"
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index fc29006..4dbf196 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -1579,12 +1579,15 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
/* TA */
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
if (tmp && tmp[0]) {
- add_openvpn_arg (args, "--tls-auth");
- add_openvpn_arg_utf8safe (args, tmp);
-
- tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
- if (tmp && tmp[0])
- add_openvpn_arg (args, tmp);
+ tmp2 = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
+ if (tmp2 && strlen (tmp2)) {
+ add_openvpn_arg (args, "--tls-auth");
+ add_openvpn_arg_utf8safe (args, tmp);
+ add_openvpn_arg (args, tmp2);
+ } else {
+ add_openvpn_arg (args, "--tls-crypt");
+ add_openvpn_arg_utf8safe (args, tmp);
+ }
}
/* tls-remote */
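Review bot: The else branch passes `--tls-crypt` for every profile that has a TA key but no TA direction, and nothing in the hunk checks that the installed openvpn binary accepts the option, which was introduced in OpenVPN 2.4. On an older binary a profile that previously started with `--tls-auth <file>` would presumably fail at launch, so a version check or an explicit stored flag is worth adding before choosing this branch. The new test `tmp2 && strlen (tmp2)` also differs from the `tmp && tmp[0]` form used a few lines above; `if (tmp2 && tmp2[0]) {` would match. The declaration of `tmp2` and the rest of nm_openvpn_start_openvpn_binary are outside the hunk.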