[network-manager-sstp] Make "Verify certificate and extended key usage", and "Use TLS hostname extension" options persist



commit 5c53a62fecb7174e5a8da548471b57695644bbaa
Author: Eivind Næss <eivnaes yahoo com>
Date:   Fri Apr 29 19:38:32 2022 -0700

    Make "Verify certificate and extended key usage", and "Use TLS hostname extension" options persist
    
    The default is to not ignore certificate validation issues and to enable the TLS hostname extension.
    
    Closes issue #49
    
    Signed-off-by: Eivind Næss <eivnaes yahoo com>

 properties/advanced-dialog.c | 27 ++++++++++++++++++---------
 properties/nm-sstp-dialog.ui |  4 ++--
 2 files changed, 20 insertions(+), 11 deletions(-)
---
diff --git a/properties/advanced-dialog.c b/properties/advanced-dialog.c
index c27eb59..81a2165 100644
--- a/properties/advanced-dialog.c
+++ b/properties/advanced-dialog.c
@@ -154,6 +154,13 @@ advanced_dialog_new_hash_from_connection (NMConnection *connection,
                              g_strdup("yes"));
     }
 
+    /* Default to use tls hostname extensions */
+    if (!g_hash_table_lookup (hash, NM_SSTP_KEY_TLS_EXT_ENABLE)) {
+        g_hash_table_insert (hash,
+                             g_strdup(NM_SSTP_KEY_TLS_EXT_ENABLE),
+                             g_strdup("yes"));
+    }
+
     return hash;
 }
 
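Review bot: Only NM_SSTP_KEY_TLS_EXT_ENABLE gets an explicit default in this block; NM_SSTP_KEY_IGN_CERT_WARN is left unset, so a connection that never passes through the advanced dialog relies on every reader treating a missing key as "verify the certificate". The dialog load later in this commit does so (`!value` checks the box), but the consumer of the stored setting is not visible in this diff and should be confirmed. The comment could also record why the default is materialised here, e.g. `/* Default to TLS hostname extension on; the .ui file no longer pre-checks the box */`. The start of advanced_dialog_new_hash_from_connection is outside the hunk.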
@@ -655,10 +662,10 @@ advanced_dialog_new (GHashTable *hash, gboolean is_tls, gchar *subject)
 
     widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_cert_warn_checkbutton"));
     value = g_hash_table_lookup (hash, NM_SSTP_KEY_IGN_CERT_WARN);
-    if (value && !strcmp (value, "yes")) {
+    if (!value || !strcmp (value, "no")) {
         gtk_check_button_set_active (GTK_CHECK_BUTTON (widget), TRUE);
     }
-    
+
     widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_hostext_checkbutton"));
     value = g_hash_table_lookup (hash, NM_SSTP_KEY_TLS_EXT_ENABLE);
     if (value && !strcmp (value, "yes")) {
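Review bot: The new condition `!value || !strcmp (value, "no")` leaves the "verify certificate" box unchecked for any stored value other than "no", so an unexpected value such as "true" or a typo displays verification as off, and the save path in advanced_dialog_new_hash_from_dialog then writes "yes" for NM_SSTP_KEY_IGN_CERT_WARN. Because nm-sstp-dialog.ui now sets `active` to False, this condition is the only thing that turns the box on, so it should fail closed: `if (!value || strcmp (value, "yes") != 0) {`. advanced_dialog_new starts before this hunk, and the hunk ends inside the hostname-extension `if`.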
@@ -839,17 +846,19 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
     }
 
 
-    /* Ignore Certificate Warnings */
+    /* Verify certificate type and extended key usage, if checked the sstp-connection will
+       fail if certificate cannot be validated, otherwise it will ignore the error and connect
+    */
     widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_cert_warn_checkbutton"));
-    if (gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))) {
-        g_hash_table_insert (hash, g_strdup(NM_SSTP_KEY_IGN_CERT_WARN), g_strdup("yes"));
-    }
+    g_hash_table_insert (hash, g_strdup(NM_SSTP_KEY_IGN_CERT_WARN),
+            !gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))
+                    ? g_strdup("yes") : g_strdup("no"));
 
     /* Enable TLS hostname extensions */
     widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_hostext_checkbutton"));
-    if (gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))) {
-        g_hash_table_insert (hash, g_strdup (NM_SSTP_KEY_TLS_EXT_ENABLE), g_strdup ("yes"));
-    }
+    g_hash_table_insert (hash, g_strdup (NM_SSTP_KEY_TLS_EXT_ENABLE),
+            gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))
+                    ? g_strdup ("yes") : g_strdup("no"));
 
     widget = GTK_WIDGET (gtk_builder_get_object (builder, "ppp_auth_methods"));
     model = gtk_tree_view_get_model (GTK_TREE_VIEW (widget));
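Review bot: NM_SSTP_KEY_IGN_CERT_WARN is now always stored, with "no" when verification is checked, whereas before the key was present only with the value "yes". Any reader that tests for the key's presence instead of comparing the value with "yes" would treat "no" as ignore-warnings and skip certificate validation; the service side is not part of this commit (only the two files under properties/ change), so that should be checked. The negated ternary is also easy to misread next to a key named "ignore"; a named local would make the inversion explicit, e.g. `gboolean verify = gtk_check_button_get_active (GTK_CHECK_BUTTON (widget));` followed by `verify ? g_strdup ("no") : g_strdup ("yes")`. The function continues on both sides of the hunk.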
diff --git a/properties/nm-sstp-dialog.ui b/properties/nm-sstp-dialog.ui
index 7dda6e0..b5601b8 100644
--- a/properties/nm-sstp-dialog.ui
+++ b/properties/nm-sstp-dialog.ui
@@ -576,7 +576,7 @@ config: the first parameter of sstp</property>
                             <property name="tooltip-text" translatable="yes">Require that the peer 
certificate used for outer SSL tunnel was signed with a certificate that has a trusted certificate chain, key 
usage, and extended key usage based on RFC3280 TLS rules.</property>
                             <property name="halign">start</property>
                             <property name="use-underline">True</property>
-                            <property name="active">True</property>
+                            <property name="active">False</property>
                             <property name="draw-indicator">True</property>
                           </object>
                           <packing>
@@ -594,7 +594,7 @@ config: the first parameter of sstp</property>
                             <property name="tooltip-text" translatable="yes">Use the gateway name as 
specified for this connection in the hostname extensions in the SSL tunnel</property>
                             <property name="halign">start</property>
                             <property name="use-underline">True</property>
-                            <property name="active">True</property>
+                            <property name="active">False</property>
                             <property name="draw-indicator">True</property>
                           </object>
                           <packing>

