[network-manager-openvpn/th/extra-certs-and-cleanup: 7/13] all: add support for --extra-certs options
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn/th/extra-certs-and-cleanup: 7/13] all: add support for --extra-certs options
- Date: Fri, 23 Feb 2018 11:55:19 +0000 (UTC)
commit 4d352cb81f6762fb5a5fb003c93e50d54ec92c3a
Author: Thomas Haller <thaller redhat com>
Date: Thu Feb 22 19:07:50 2018 +0100
all: add support for --extra-certs options
By looking at the source code, it seems that openvpn accepts extra-certs
for every configuration type. On the other hand, the manual page groups
the option under TLS Mode, indicating that this only makes sense for
TLS. In the GUI and during export, handle extra-certs only for TLS
connection. When starting openvpn, pass it one whenever it's present
in the connection.
properties/import-export.c | 13 +++++++++++++
properties/nm-openvpn-dialog.ui | 25 +++++++++++++++++++++++++
properties/nm-openvpn-editor.c | 11 +++++++++++
shared/nm-service-defines.h | 1 +
shared/utils.h | 1 +
src/nm-openvpn-service.c | 8 +++++++-
6 files changed, 58 insertions(+), 1 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index 276cf05..278777c 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -40,6 +40,7 @@
#define INLINE_BLOB_CA NMV_OVPN_TAG_CA
#define INLINE_BLOB_CERT NMV_OVPN_TAG_CERT
+#define INLINE_BLOB_EXTRA_CERTS NMV_OVPN_TAG_EXTRA_CERTS
#define INLINE_BLOB_KEY NMV_OVPN_TAG_KEY
#define INLINE_BLOB_PKCS12 NMV_OVPN_TAG_PKCS12
#define INLINE_BLOB_SECRET NMV_OVPN_TAG_SECRET
@@ -1190,6 +1191,7 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (NM_IN_STRSET (params[0],
NMV_OVPN_TAG_CA,
NMV_OVPN_TAG_CERT,
+ NMV_OVPN_TAG_EXTRA_CERTS,
NMV_OVPN_TAG_KEY,
NMV_OVPN_TAG_PKCS12,
NMV_OVPN_TAG_SECRET,
@@ -1225,6 +1227,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_KEY, file);
} else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_CA))
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CA, file);
+ else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_EXTRA_CERTS))
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_EXTRA_CERTS, file);
else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_CERT))
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CERT, file);
else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_KEY))
@@ -1441,6 +1445,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
key = NM_OPENVPN_KEY_CERT;
else if (nm_streq (token, INLINE_BLOB_KEY))
key = NM_OPENVPN_KEY_KEY;
+ else if (nm_streq (token, INLINE_BLOB_EXTRA_CERTS))
+ key = NM_OPENVPN_KEY_EXTRA_CERTS;
else if (nm_streq (token, INLINE_BLOB_PKCS12)) {
is_base64 = TRUE;
key = NULL;
@@ -2015,6 +2021,13 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
nm_utils_str_utf8safe_unescape (key, &s_free));
}
+ key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_EXTRA_CERTS);
+ if (_arg_is_set (key)) {
+ gs_free char *s_free = NULL;
+ args_write_line (f,
+ NMV_OVPN_TAG_EXTRA_CERTS,
+ nm_utils_str_utf8safe_unescape (key, &s_free));
+ }
}
proxy_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE);
diff --git a/properties/nm-openvpn-dialog.ui b/properties/nm-openvpn-dialog.ui
index 7d5fdcb..368f4e3 100644
--- a/properties/nm-openvpn-dialog.ui
+++ b/properties/nm-openvpn-dialog.ui
@@ -1974,6 +1974,31 @@ config: tls-auth <file> [direction]</property>
<property name="top_attach">0</property>
</packing>
</child>
+ <child>
+ <object class="GtkLabel">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Extra Certificates:</property>
+ <property name="use_underline">True</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkFileChooserButton" id="extra_certs_chooser">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">Specify a file containing
one or more PEM certs (concatenated together) that complete the local certificate chain.
+config: extra-certs <file></property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
</object>
<packing>
<property name="left_attach">0</property>
diff --git a/properties/nm-openvpn-editor.c b/properties/nm-openvpn-editor.c
index 8d6ff1f..37b313a 100644
--- a/properties/nm-openvpn-editor.c
+++ b/properties/nm-openvpn-editor.c
@@ -688,6 +688,7 @@ static const char *advanced_keys[] = {
NM_OPENVPN_KEY_CONNECT_TIMEOUT,
NM_OPENVPN_KEY_DEV,
NM_OPENVPN_KEY_DEV_TYPE,
+ NM_OPENVPN_KEY_EXTRA_CERTS,
NM_OPENVPN_KEY_FLOAT,
NM_OPENVPN_KEY_FRAGMENT_SIZE,
NM_OPENVPN_KEY_HTTP_PROXY_USERNAME,
@@ -1693,6 +1694,10 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
} else
gtk_combo_box_set_active (GTK_COMBO_BOX (combo), TLS_AUTH_MODE_NONE);
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "extra_certs_chooser"));
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_EXTRA_CERTS);
+ gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), nm_str_not_empty (value));
+
g_signal_connect (G_OBJECT (combo), "changed", G_CALLBACK (tls_auth_toggled_cb), builder);
tls_auth_toggled_cb (combo, builder);
} else {
@@ -2050,6 +2055,12 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
case TLS_AUTH_MODE_NONE:
break;
}
+
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "extra_certs_chooser"));
+ filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
+ if (filename && filename[0])
+ g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_EXTRA_CERTS), g_strdup
(filename));
+ g_free (filename);
}
widget = GTK_WIDGET (gtk_builder_get_object (builder, "ping_checkbutton"));
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 6ce6767..2b4e150 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -37,6 +37,7 @@
#define NM_OPENVPN_KEY_CONNECT_TIMEOUT "connect-timeout"
#define NM_OPENVPN_KEY_DEV "dev"
#define NM_OPENVPN_KEY_DEV_TYPE "dev-type"
+#define NM_OPENVPN_KEY_EXTRA_CERTS "extra-certs"
#define NM_OPENVPN_KEY_FLOAT "float"
#define NM_OPENVPN_KEY_FRAGMENT_SIZE "fragment-size"
#define NM_OPENVPN_KEY_HTTP_PROXY_USERNAME "http-proxy-username"
diff --git a/shared/utils.h b/shared/utils.h
index 7e41ac1..b967b72 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -33,6 +33,7 @@
#define NMV_OVPN_TAG_CONNECT_TIMEOUT "connect-timeout"
#define NMV_OVPN_TAG_DEV "dev"
#define NMV_OVPN_TAG_DEV_TYPE "dev-type"
+#define NMV_OVPN_TAG_EXTRA_CERTS "extra-certs"
#define NMV_OVPN_TAG_FLOAT "float"
#define NMV_OVPN_TAG_FRAGMENT "fragment"
#define NMV_OVPN_TAG_GROUP "group"
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index c8757bd..7bc00d7 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -148,6 +148,7 @@ static const ValidProperty valid_properties[] = {
{ NM_OPENVPN_KEY_COMP_LZO, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CONNECT_TIMEOUT, G_TYPE_INT, 0, G_MAXINT, FALSE },
{ NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_STRING, 0, 0, FALSE },
+ { NM_OPENVPN_KEY_EXTRA_CERTS, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_FLOAT, G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_FRAGMENT_SIZE, G_TYPE_INT, 0, G_MAXINT, FALSE },
{ NM_OPENVPN_KEY_KEY, G_TYPE_STRING, 0, 0, FALSE },
@@ -1653,7 +1654,12 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
add_openvpn_arg_utf8safe (args, tmp);
}
-
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_EXTRA_CERTS);
+ if (tmp && tmp[0]) {
+ add_openvpn_arg (args, "--extra-certs");
+ add_openvpn_arg_utf8safe (args, tmp);
+ }
+
/* tls-remote */
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE);
if (tmp && tmp[0]) {
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
