[NetworkManager-openvpn] service: automatically add the "cipher" to the "data-ciphers"
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-openvpn] service: automatically add the "cipher" to the "data-ciphers"
- Date: Mon, 3 Oct 2022 19:59:35 +0000 (UTC)
commit 020ab0c4b872fa5415ed1a5e682acb3343c7b9f3
Author: Thomas Haller <thaller redhat com>
Date: Mon Oct 3 21:29:22 2022 +0200
service: automatically add the "cipher" to the "data-ciphers"
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/46#note_1494723
Fixes: 963b71a83ee1 ('Add support for OpenVPN's --data-ciphers')
src/nm-openvpn-service.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
---
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 7fac66b..18600d6 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -1676,6 +1676,22 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_DATA_CIPHERS, "--data-ciphers");
+ if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER) &&
+ !nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DATA_CIPHERS) &&
+ openvpn_binary_detect_version_cached (openvpn_binary, &openvpn_binary_version) >=
+ nmovpn_version_encode (2, 5, 0)) {
+ /* Since 2.5, openvpn will warn if "cipher" is set but "data-ciphers" doesn't
+ * contain the cipher. It still used to automatically add the cipher.
+ * Since 2.6, the cipher is no longer automatically added, which is unlikely
+ * what the user wants.
+ *
+ * We automatically add it, so if the user only sets cipher (e.g. when
+ * having an old profile or targeting 2.4) it still works. So ciphers
+ * means something slightly different for the plugin, unless you set
+ * data-ciphers to anything. */
+ args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_CIPHER, "--data-ciphers");
+ }
+
args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_TLS_CIPHER, "--tls-cipher");
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEYSIZE);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]