diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index a333aeb5bc100d1da970b05502cee515f4d70bde..293db55743b161dbd5b2ba974728e5b11c910d26 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -746,13 +746,25 @@ static gboolean open_webview_idle(gpointer data)
WebKitWebsiteDataManager *dm = NULL;
WebKitCookieManager *cm = NULL;
GString *storage = NULL;
+ char *dont_use_proxy_for_auth;
+ gboolean proxy_for_auth_allowed;
// Create a browser instance
webView = WEBKIT_WEB_VIEW(webkit_web_view_new());
+ dont_use_proxy_for_auth = g_hash_table_lookup(ui_data->options,
+ NM_OPENCONNECT_KEY_DONT_USE_PROXY_AUTH);
+ proxy_for_auth_allowed = dont_use_proxy_for_auth ? !strcmp(dont_use_proxy_for_auth, "no") : TRUE;
+
dm = webkit_web_view_get_website_data_manager(webView);
- if (dm)
+ if (dm) {
cm = webkit_website_data_manager_get_cookie_manager(dm);
+
+ if (!proxy_for_auth_allowed) {
+ // Ensure that proxies won't be used on auth dialog
+ webkit_website_data_manager_set_network_proxy_settings(dm, WEBKIT_NETWORK_PROXY_MODE_NO_PROXY, NULL);
+ }
+ }
if (cm)
storage = g_string_new (g_get_user_data_dir());
if (storage)
diff --git a/gtk4/nm-openconnect-dialog.ui b/gtk4/nm-openconnect-dialog.ui
index 83666d2b4d56d4b1fed422751b450cc50676227c..9979acfe9bd1c6c36bd4637f19bb78c57a8529a5 100644
--- a/gtk4/nm-openconnect-dialog.ui
+++ b/gtk4/nm-openconnect-dialog.ui
@@ -266,6 +266,18 @@ You should only select this option if your connection is unreliable or non-funct
1
+
+
+
@@ -292,7 +304,7 @@ You should only select this option if your connection is unreliable or non-funct
token_mode
0
- 15
+ 16
@@ -310,7 +322,7 @@ You should only select this option if your connection is unreliable or non-funct
1
- 15
+ 16
@@ -324,7 +336,7 @@ You should only select this option if your connection is unreliable or non-funct
0
0
- 16
+ 17
diff --git a/properties/nm-openconnect-dialog.ui b/properties/nm-openconnect-dialog.ui
index c10d90714423150e18e05cf9435a6b088f3c8b27..3c2a8394ec2a8e36b74a7a4080f1e8a391eaee13 100644
--- a/properties/nm-openconnect-dialog.ui
+++ b/properties/nm-openconnect-dialog.ui
@@ -393,6 +393,23 @@ You should only select this option if your connection is unreliable or non-funct
True
+
+
+
+ 0
+ 14
+ 2
+
+
0
- 14
+ 15
2
@@ -435,7 +452,7 @@ You should only select this option if your connection is unreliable or non-funct
0
- 15
+ 16
@@ -453,7 +470,7 @@ You should only select this option if your connection is unreliable or non-funct
1
- 15
+ 16
@@ -475,7 +492,7 @@ You should only select this option if your connection is unreliable or non-funct
0
- 16
+ 17
diff --git a/properties/nm-openconnect-editor-plugin.c b/properties/nm-openconnect-editor-plugin.c
index 9cc5177cc1749747e14ed546a3ef7feaf3e6086b..2dcb19fd2b747f61858dbf97ed18d738519b2c36 100644
--- a/properties/nm-openconnect-editor-plugin.c
+++ b/properties/nm-openconnect-editor-plugin.c
@@ -285,6 +285,11 @@ import (NMVpnEditorPlugin *iface, const char *path, GError **error)
if (bval)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_DISABLE_UDP, "yes");
+ /* Don't use system proxy settings during authentication */
+ bval = g_key_file_get_boolean (keyfile, "openconnect", "DontUseProxyAuth", NULL);
+ if (bval)
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_DONT_USE_PROXY_AUTH, "yes");
+
/* Soft token mode */
buf = g_key_file_get_string (keyfile, "openconnect", "StokenSource", NULL);
if (buf)
@@ -407,6 +412,10 @@ export (NMVpnEditorPlugin *iface,
if (value && !strcmp (value, "yes"))
disable_udp = TRUE;
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_DONT_USE_PROXY_AUTH);
+ if (value && !strcmp (value, "yes"))
+ prevent_invalid_cert = TRUE;
+
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_TOKEN_MODE);
if (value && strlen (value))
token_mode = value;
diff --git a/properties/nm-openconnect-editor.c b/properties/nm-openconnect-editor.c
index 793f6c7fc01e613c80805a9fed1f9b4c453817ce..a76868f8419ad2bee45aae1d88969178ee0fe272 100644
--- a/properties/nm-openconnect-editor.c
+++ b/properties/nm-openconnect-editor.c
@@ -404,6 +404,16 @@ init_editor_plugin (OpenconnectEditor *self, NMConnection *connection, GError **
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dont_use_proxy_auth"));
+ g_return_val_if_fail (widget, FALSE);
+
+ if (s_vpn) {
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_DONT_USE_PROXY_AUTH);
+ if (value && !strcmp(value, "yes"))
+ gtk_check_button_set_active (GTK_CHECK_BUTTON (widget), TRUE);
+ }
+ g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
+
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "csd_button"));
g_return_val_if_fail (widget, FALSE);
@@ -526,6 +536,10 @@ update_connection (NMVpnEditor *iface,
str = gtk_check_button_get_active(GTK_CHECK_BUTTON (widget))?"yes":"no";
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_DISABLE_UDP, str);
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dont_use_proxy_auth"));
+ str = gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))?"yes":"no";
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_DONT_USE_PROXY_AUTH, str);
+
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "csd_button"));
str = gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))?"yes":"no";
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_ENABLE, str);
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index dc88a4f56644bac0d420fe030bfe4fe84cc59a15..65971b13eb439a6cc261f815caf89ecf91047302 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -44,6 +44,7 @@
#define NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID "pem_passphrase_fsid"
#define NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT "prevent_invalid_cert"
#define NM_OPENCONNECT_KEY_DISABLE_UDP "disable_udp"
+#define NM_OPENCONNECT_KEY_DONT_USE_PROXY_AUTH "dont_use_proxy_auth"
#define NM_OPENCONNECT_KEY_PROTOCOL "protocol"
#define NM_OPENCONNECT_KEY_PROXY "proxy"
#define NM_OPENCONNECT_KEY_CSD_ENABLE "enable_csd_trojan"
diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
index 00055347978a3cb666eed0dabeb7cc1800be821a..e22d2233d6108b0f880fc3c8c11eeb373ce66c98 100644
--- a/src/nm-openconnect-service.c
+++ b/src/nm-openconnect-service.c
@@ -89,6 +89,7 @@ static const ValidProperty valid_properties[] = {
{ NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID, G_TYPE_BOOLEAN, 0, 0 },
{ NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT, G_TYPE_BOOLEAN, 0, 0 },
{ NM_OPENCONNECT_KEY_DISABLE_UDP, G_TYPE_BOOLEAN, 0, 0 },
+ { NM_OPENCONNECT_KEY_DONT_USE_PROXY_AUTH, G_TYPE_BOOLEAN, 0, 0 },
{ NM_OPENCONNECT_KEY_PROTOCOL, G_TYPE_STRING, 0, 0 },
{ NM_OPENCONNECT_KEY_PROXY, G_TYPE_STRING, 0, 0 },
{ NM_OPENCONNECT_KEY_CSD_ENABLE, G_TYPE_BOOLEAN, 0, 0 },