Commit 9a947755 authored by Thomas Haller's avatar Thomas Haller

all: merge branch 'th/extra-certs-and-cleanup'

https://bugzilla.gnome.org/show_bug.cgi?id=793746
parents fb5c8008 e0b0f9f9
......@@ -38,24 +38,19 @@
#include "nm-utils/nm-shared-utils.h"
#define INLINE_BLOB_CA "ca"
#define INLINE_BLOB_CERT "cert"
#define INLINE_BLOB_KEY "key"
#define INLINE_BLOB_PKCS12 "pkcs12"
#define INLINE_BLOB_SECRET "secret"
#define INLINE_BLOB_TLS_AUTH "tls-auth"
#define INLINE_BLOB_TLS_CRYPT "tls-crypt"
#define INLINE_BLOB_CA NMV_OVPN_TAG_CA
#define INLINE_BLOB_CERT NMV_OVPN_TAG_CERT
#define INLINE_BLOB_EXTRA_CERTS NMV_OVPN_TAG_EXTRA_CERTS
#define INLINE_BLOB_KEY NMV_OVPN_TAG_KEY
#define INLINE_BLOB_PKCS12 NMV_OVPN_TAG_PKCS12
#define INLINE_BLOB_SECRET NMV_OVPN_TAG_SECRET
#define INLINE_BLOB_TLS_AUTH NMV_OVPN_TAG_TLS_AUTH
#define INLINE_BLOB_TLS_CRYPT NMV_OVPN_TAG_TLS_CRYPT
const char *_nmovpn_test_temp_path = NULL;
/*****************************************************************************/
static const char *
_arg_is_set (const char *value)
{
return (value && value[0]) ? value : NULL;
}
static void
_auto_free_gstring_p (GString **ptr)
{
......@@ -1188,13 +1183,14 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
}
if (NM_IN_STRSET (params[0],
NMV_OVPN_TAG_PKCS12,
NMV_OVPN_TAG_CA,
NMV_OVPN_TAG_CERT,
NMV_OVPN_TAG_KEY,
NMV_OVPN_TAG_SECRET,
NMV_OVPN_TAG_TLS_AUTH,
NMV_OVPN_TAG_TLS_CRYPT)) {
NMV_OVPN_TAG_CA,
NMV_OVPN_TAG_CERT,
NMV_OVPN_TAG_EXTRA_CERTS,
NMV_OVPN_TAG_KEY,
NMV_OVPN_TAG_PKCS12,
NMV_OVPN_TAG_SECRET,
NMV_OVPN_TAG_TLS_AUTH,
NMV_OVPN_TAG_TLS_CRYPT)) {
const char *file;
gs_free char *file_free = NULL;
gboolean can_have_direction;
......@@ -1225,6 +1221,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_KEY, file);
} else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_CA))
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CA, file);
else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_EXTRA_CERTS))
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_EXTRA_CERTS, file);
else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_CERT))
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CERT, file);
else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_KEY))
......@@ -1441,6 +1439,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
key = NM_OPENVPN_KEY_CERT;
else if (nm_streq (token, INLINE_BLOB_KEY))
key = NM_OPENVPN_KEY_KEY;
else if (nm_streq (token, INLINE_BLOB_EXTRA_CERTS))
key = NM_OPENVPN_KEY_EXTRA_CERTS;
else if (nm_streq (token, INLINE_BLOB_PKCS12)) {
is_base64 = TRUE;
key = NULL;
......@@ -1750,7 +1750,7 @@ args_write_line_setting_value_int (GString *f,
nm_assert (setting_key && setting_key[0]);
value = nm_setting_vpn_get_data_item (s_vpn, setting_key);
if (!_arg_is_set (value))
if (!nmovpn_arg_is_set (value))
return;
v = _nm_utils_ascii_str_to_int64 (value, 10, G_MININT64, G_MAXINT64, 0);
......@@ -1768,7 +1768,7 @@ args_write_line_setting_value (GString *f,
const char *value;
value = nm_setting_vpn_get_data_item (s_vpn, setting_key);
if (_arg_is_set (value))
if (nmovpn_arg_is_set (value))
args_write_line (f, tag_key, value);
}
......@@ -1808,7 +1808,7 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
return NULL;
}
gateways = _arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE));
gateways = nmovpn_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE));
if (!gateways) {
g_set_error_literal (error,
NMV_EDITOR_PLUGIN_ERROR,
......@@ -1817,7 +1817,7 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
return NULL;
}
connection_type = _arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE));
connection_type = nmovpn_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE));
f = g_string_sized_new (512);
......@@ -1860,18 +1860,18 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
NM_OPENVPN_CONTYPE_PASSWORD,
NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA);
if (_arg_is_set (value))
if (nmovpn_arg_is_set (value))
cacert = nm_utils_str_utf8safe_unescape (value, &cacert_free);
}
if (NM_IN_STRSET (connection_type, NM_OPENVPN_CONTYPE_TLS,
NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CERT);
if (_arg_is_set (value))
if (nmovpn_arg_is_set (value))
user_cert = nm_utils_str_utf8safe_unescape (value, &user_cert_free);
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
if (_arg_is_set (value))
if (nmovpn_arg_is_set (value))
private_key = nm_utils_str_utf8safe_unescape (value, &private_key_free);
}
......@@ -1895,13 +1895,13 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
if (NM_IN_STRSET (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY);
if (_arg_is_set (value)) {
if (nmovpn_arg_is_set (value)) {
gs_free char *s_free = NULL;
args_write_line (f,
NMV_OVPN_TAG_SECRET,
nm_utils_str_utf8safe_unescape (value, &s_free),
_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION)));
nmovpn_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION)));
}
}
......@@ -1943,8 +1943,8 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
gs_free char *device_free = NULL;
const char *device_type, *device;
device_type = _arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DEV_TYPE));
device = _arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DEV));
device_type = nmovpn_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DEV_TYPE));
device = nmovpn_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DEV));
device = nm_utils_str_utf8safe_unescape (device, &device_free);
args_write_line (f,
NMV_OVPN_TAG_DEV,
......@@ -1969,8 +1969,8 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
args_write_line_setting_value_int (f, NMV_OVPN_TAG_PING_RESTART, s_vpn, NM_OPENVPN_KEY_PING_RESTART);
local_ip = _arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_LOCAL_IP));
remote_ip = _arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_IP));
local_ip = nmovpn_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_LOCAL_IP));
remote_ip = nmovpn_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_IP));
if (local_ip && remote_ip)
args_write_line (f, NMV_OVPN_TAG_IFCONFIG, local_ip, remote_ip);
......@@ -1984,7 +1984,7 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
args_write_line_setting_value (f, NMV_OVPN_TAG_TLS_REMOTE, s_vpn, NM_OPENVPN_KEY_TLS_REMOTE);
x509_name = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_VERIFY_X509_NAME);
if (_arg_is_set (x509_name)) {
if (nmovpn_arg_is_set (x509_name)) {
const char *name;
gs_free char *type = NULL;
......@@ -1999,26 +1999,33 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
}
key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
if (_arg_is_set (key)) {
if (nmovpn_arg_is_set (key)) {
gs_free char *s_free = NULL;
args_write_line (f,
NMV_OVPN_TAG_TLS_AUTH,
nm_utils_str_utf8safe_unescape (key, &s_free),
_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR)));
nmovpn_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR)));
}
key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_CRYPT);
if (_arg_is_set (key)) {
if (nmovpn_arg_is_set (key)) {
gs_free char *s_free = NULL;
args_write_line (f,
NMV_OVPN_TAG_TLS_CRYPT,
nm_utils_str_utf8safe_unescape (key, &s_free));
}
key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_EXTRA_CERTS);
if (nmovpn_arg_is_set (key)) {
gs_free char *s_free = NULL;
args_write_line (f,
NMV_OVPN_TAG_EXTRA_CERTS,
nm_utils_str_utf8safe_unescape (key, &s_free));
}
}
proxy_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE);
if (_arg_is_set (proxy_type)) {
if (nmovpn_arg_is_set (proxy_type)) {
const char *proxy_server;
const char *proxy_port;
const char *proxy_retry;
......
......@@ -1899,8 +1899,8 @@ config: ns-cert-type client|server</property>
<object class="GtkFileChooserButton" id="tls_auth_chooser">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="tooltip_text" translatable="yes">Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.
config: tls-auth &lt;file&gt; [direction]</property>
<property name="tooltip_text" translatable="yes">Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks. In case of TLS-Crypt mode, the control channal is also encrypted.
config: tls-auth &lt;file&gt; [direction] | tls-crypt &lt;file&gt;</property>
<property name="hexpand">True</property>
</object>
<packing>
......@@ -1946,7 +1946,8 @@ config: tls-auth &lt;file&gt; [direction]</property>
<object class="GtkLabel">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">Mode</property>
<property name="label" translatable="yes">Mode:</property>
<property name="xalign">1</property>
</object>
<packing>
<property name="left_attach">0</property>
......@@ -1973,6 +1974,31 @@ config: tls-auth &lt;file&gt; [direction]</property>
<property name="top_attach">0</property>
</packing>
</child>
<child>
<object class="GtkLabel">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">Extra Certificates:</property>
<property name="use_underline">True</property>
<property name="xalign">1</property>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">3</property>
</packing>
</child>
<child>
<object class="GtkFileChooserButton" id="extra_certs_chooser">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="tooltip_text" translatable="yes">Specify a file containing one or more PEM certs (concatenated together) that complete the local certificate chain.
config: extra-certs &lt;file&gt;</property>
</object>
<packing>
<property name="left_attach">1</property>
<property name="top_attach">3</property>
</packing>
</child>
</object>
<packing>
<property name="left_attach">0</property>
......
......@@ -682,40 +682,41 @@ sk_file_chooser_filter_new (void)
}
static const char *advanced_keys[] = {
NM_OPENVPN_KEY_PORT,
NM_OPENVPN_KEY_AUTH,
NM_OPENVPN_KEY_CIPHER,
NM_OPENVPN_KEY_COMP_LZO,
NM_OPENVPN_KEY_MSSFIX,
NM_OPENVPN_KEY_FLOAT,
NM_OPENVPN_KEY_TUNNEL_MTU,
NM_OPENVPN_KEY_FRAGMENT_SIZE,
NM_OPENVPN_KEY_TAP_DEV,
NM_OPENVPN_KEY_CONNECT_TIMEOUT,
NM_OPENVPN_KEY_DEV,
NM_OPENVPN_KEY_DEV_TYPE,
NM_OPENVPN_KEY_EXTRA_CERTS,
NM_OPENVPN_KEY_FLOAT,
NM_OPENVPN_KEY_FRAGMENT_SIZE,
NM_OPENVPN_KEY_HTTP_PROXY_USERNAME,
NM_OPENVPN_KEY_KEYSIZE,
NM_OPENVPN_KEY_MAX_ROUTES,
NM_OPENVPN_KEY_MSSFIX,
NM_OPENVPN_KEY_MTU_DISC,
NM_OPENVPN_KEY_NS_CERT_TYPE,
NM_OPENVPN_KEY_PING,
NM_OPENVPN_KEY_PING_EXIT,
NM_OPENVPN_KEY_PING_RESTART,
NM_OPENVPN_KEY_PORT,
NM_OPENVPN_KEY_PROTO_TCP,
NM_OPENVPN_KEY_PROXY_TYPE,
NM_OPENVPN_KEY_PROXY_SERVER,
NM_OPENVPN_KEY_PROXY_PORT,
NM_OPENVPN_KEY_PROXY_RETRY,
NM_OPENVPN_KEY_HTTP_PROXY_USERNAME,
NM_OPENVPN_KEY_CIPHER,
NM_OPENVPN_KEY_KEYSIZE,
NM_OPENVPN_KEY_AUTH,
NM_OPENVPN_KEY_TA_DIR,
NM_OPENVPN_KEY_PROXY_SERVER,
NM_OPENVPN_KEY_PROXY_TYPE,
NM_OPENVPN_KEY_REMOTE_CERT_TLS,
NM_OPENVPN_KEY_REMOTE_RANDOM,
NM_OPENVPN_KEY_RENEG_SECONDS,
NM_OPENVPN_KEY_TA,
NM_OPENVPN_KEY_TAP_DEV,
NM_OPENVPN_KEY_TA_DIR,
NM_OPENVPN_KEY_TLS_CRYPT,
NM_OPENVPN_KEY_RENEG_SECONDS,
NM_OPENVPN_KEY_TLS_REMOTE,
NM_OPENVPN_KEY_VERIFY_X509_NAME,
NM_OPENVPN_KEY_REMOTE_RANDOM,
NM_OPENVPN_KEY_TUNNEL_MTU,
NM_OPENVPN_KEY_TUN_IPV6,
NM_OPENVPN_KEY_REMOTE_CERT_TLS,
NM_OPENVPN_KEY_NS_CERT_TYPE,
NM_OPENVPN_KEY_PING,
NM_OPENVPN_KEY_PING_EXIT,
NM_OPENVPN_KEY_PING_RESTART,
NM_OPENVPN_KEY_MAX_ROUTES,
NM_OPENVPN_KEY_MTU_DISC,
NM_OPENVPN_KEY_CONNECT_TIMEOUT,
NM_OPENVPN_KEY_VERIFY_X509_NAME,
NULL
};
......@@ -1693,6 +1694,10 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
} else
gtk_combo_box_set_active (GTK_COMBO_BOX (combo), TLS_AUTH_MODE_NONE);
widget = GTK_WIDGET (gtk_builder_get_object (builder, "extra_certs_chooser"));
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_EXTRA_CERTS);
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), nm_str_not_empty (value));
g_signal_connect (G_OBJECT (combo), "changed", G_CALLBACK (tls_auth_toggled_cb), builder);
tls_auth_toggled_cb (combo, builder);
} else {
......@@ -2050,6 +2055,12 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
case TLS_AUTH_MODE_NONE:
break;
}
widget = GTK_WIDGET (gtk_builder_get_object (builder, "extra_certs_chooser"));
filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (filename && filename[0])
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_EXTRA_CERTS), g_strdup (filename));
g_free (filename);
}
widget = GTK_WIDGET (gtk_builder_get_object (builder, "ping_checkbutton"));
......
......@@ -32,13 +32,19 @@
#define NM_OPENVPN_KEY_CA "ca"
#define NM_OPENVPN_KEY_CERT "cert"
#define NM_OPENVPN_KEY_CIPHER "cipher"
#define NM_OPENVPN_KEY_KEYSIZE "keysize"
#define NM_OPENVPN_KEY_COMP_LZO "comp-lzo"
#define NM_OPENVPN_KEY_CONNECTION_TYPE "connection-type"
#define NM_OPENVPN_KEY_CONNECT_TIMEOUT "connect-timeout"
#define NM_OPENVPN_KEY_DEV "dev"
#define NM_OPENVPN_KEY_DEV_TYPE "dev-type"
#define NM_OPENVPN_KEY_EXTRA_CERTS "extra-certs"
#define NM_OPENVPN_KEY_FLOAT "float"
#define NM_OPENVPN_KEY_FRAGMENT_SIZE "fragment-size"
#define NM_OPENVPN_KEY_HTTP_PROXY_USERNAME "http-proxy-username"
#define NM_OPENVPN_KEY_KEY "key"
#define NM_OPENVPN_KEY_KEYSIZE "keysize"
#define NM_OPENVPN_KEY_LOCAL_IP "local-ip" /* ??? */
#define NM_OPENVPN_KEY_MAX_ROUTES "max-routes"
#define NM_OPENVPN_KEY_MSSFIX "mssfix"
#define NM_OPENVPN_KEY_MTU_DISC "mtu-disc"
#define NM_OPENVPN_KEY_NS_CERT_TYPE "ns-cert-type"
......@@ -47,31 +53,27 @@
#define NM_OPENVPN_KEY_PING_RESTART "ping-restart"
#define NM_OPENVPN_KEY_PORT "port"
#define NM_OPENVPN_KEY_PROTO_TCP "proto-tcp"
#define NM_OPENVPN_KEY_PROXY_TYPE "proxy-type"
#define NM_OPENVPN_KEY_PROXY_SERVER "proxy-server"
#define NM_OPENVPN_KEY_PROXY_PORT "proxy-port"
#define NM_OPENVPN_KEY_PROXY_RETRY "proxy-retry"
#define NM_OPENVPN_KEY_HTTP_PROXY_USERNAME "http-proxy-username"
#define NM_OPENVPN_KEY_PROXY_SERVER "proxy-server"
#define NM_OPENVPN_KEY_PROXY_TYPE "proxy-type"
#define NM_OPENVPN_KEY_REMOTE "remote"
#define NM_OPENVPN_KEY_REMOTE_RANDOM "remote-random"
#define NM_OPENVPN_KEY_REMOTE_CERT_TLS "remote-cert-tls"
#define NM_OPENVPN_KEY_REMOTE_IP "remote-ip"
#define NM_OPENVPN_KEY_REMOTE_RANDOM "remote-random"
#define NM_OPENVPN_KEY_RENEG_SECONDS "reneg-seconds"
#define NM_OPENVPN_KEY_STATIC_KEY "static-key"
#define NM_OPENVPN_KEY_STATIC_KEY_DIRECTION "static-key-direction"
#define NM_OPENVPN_KEY_TA "ta"
#define NM_OPENVPN_KEY_TA_DIR "ta-dir"
#define NM_OPENVPN_KEY_TUNNEL_MTU "tunnel-mtu"
#define NM_OPENVPN_KEY_USERNAME "username"
#define NM_OPENVPN_KEY_TAP_DEV "tap-dev"
#define NM_OPENVPN_KEY_DEV "dev"
#define NM_OPENVPN_KEY_DEV_TYPE "dev-type"
#define NM_OPENVPN_KEY_TUN_IPV6 "tun-ipv6"
#define NM_OPENVPN_KEY_TA_DIR "ta-dir"
#define NM_OPENVPN_KEY_TLS_CIPHER "tls-cipher"
#define NM_OPENVPN_KEY_TLS_CRYPT "tls-crypt"
#define NM_OPENVPN_KEY_TLS_REMOTE "tls-remote"
#define NM_OPENVPN_KEY_TUNNEL_MTU "tunnel-mtu"
#define NM_OPENVPN_KEY_TUN_IPV6 "tun-ipv6"
#define NM_OPENVPN_KEY_USERNAME "username"
#define NM_OPENVPN_KEY_VERIFY_X509_NAME "verify-x509-name"
#define NM_OPENVPN_KEY_REMOTE_CERT_TLS "remote-cert-tls"
#define NM_OPENVPN_KEY_MAX_ROUTES "max-routes"
#define NM_OPENVPN_KEY_CONNECT_TIMEOUT "connect-timeout"
#define NM_OPENVPN_KEY_PASSWORD "password"
#define NM_OPENVPN_KEY_CERTPASS "cert-pass"
......@@ -81,22 +83,21 @@
*/
#define NM_OPENVPN_KEY_NOSECRET "no-secret"
#define NM_OPENVPN_KEY_RENEG_SECONDS "reneg-seconds"
#define NM_OPENVPN_AUTH_MD5 "MD5"
#define NM_OPENVPN_AUTH_NONE "none"
#define NM_OPENVPN_AUTH_RIPEMD160 "RIPEMD160"
#define NM_OPENVPN_AUTH_RSA_MD4 "RSA-MD4"
#define NM_OPENVPN_AUTH_MD5 "MD5"
#define NM_OPENVPN_AUTH_SHA1 "SHA1"
#define NM_OPENVPN_AUTH_SHA224 "SHA224"
#define NM_OPENVPN_AUTH_SHA256 "SHA256"
#define NM_OPENVPN_AUTH_SHA384 "SHA384"
#define NM_OPENVPN_AUTH_SHA512 "SHA512"
#define NM_OPENVPN_AUTH_RIPEMD160 "RIPEMD160"
#define NM_OPENVPN_CONTYPE_TLS "tls"
#define NM_OPENVPN_CONTYPE_STATIC_KEY "static-key"
#define NM_OPENVPN_CONTYPE_PASSWORD "password"
#define NM_OPENVPN_CONTYPE_PASSWORD_TLS "password-tls"
#define NM_OPENVPN_CONTYPE_STATIC_KEY "static-key"
#define NM_OPENVPN_CONTYPE_TLS "tls"
/* arguments of "--remote-cert-tls" */
#define NM_OPENVPN_REM_CERT_TLS_CLIENT "client"
......@@ -107,9 +108,9 @@
#define NM_OPENVPN_NS_CERT_TYPE_SERVER "server"
/* possible types for verify-x509-name */
#define NM_OPENVPN_VERIFY_X509_NAME_TYPE_SUBJECT "subject"
#define NM_OPENVPN_VERIFY_X509_NAME_TYPE_NAME "name"
#define NM_OPENVPN_VERIFY_X509_NAME_TYPE_NAME_PREFIX "name-prefix"
#define NM_OPENVPN_VERIFY_X509_NAME_TYPE_SUBJECT "subject"
/* User name and group to run nm-openvpn-service under */
#define NM_OPENVPN_USER "nm-openvpn"
......
......@@ -33,6 +33,7 @@
#define NMV_OVPN_TAG_CONNECT_TIMEOUT "connect-timeout"
#define NMV_OVPN_TAG_DEV "dev"
#define NMV_OVPN_TAG_DEV_TYPE "dev-type"
#define NMV_OVPN_TAG_EXTRA_CERTS "extra-certs"
#define NMV_OVPN_TAG_FLOAT "float"
#define NMV_OVPN_TAG_FRAGMENT "fragment"
#define NMV_OVPN_TAG_GROUP "group"
......@@ -40,9 +41,9 @@
#define NMV_OVPN_TAG_HTTP_PROXY_RETRY "http-proxy-retry"
#define NMV_OVPN_TAG_IFCONFIG "ifconfig"
#define NMV_OVPN_TAG_KEEPALIVE "keepalive"
#define NMV_OVPN_TAG_KEY_DIRECTION "key-direction"
#define NMV_OVPN_TAG_KEY "key"
#define NMV_OVPN_TAG_KEYSIZE "keysize"
#define NMV_OVPN_TAG_KEY_DIRECTION "key-direction"
#define NMV_OVPN_TAG_MAX_ROUTES "max-routes"
#define NMV_OVPN_TAG_MSSFIX "mssfix"
#define NMV_OVPN_TAG_MTU_DISC "mtu-disc"
......@@ -50,23 +51,23 @@
#define NMV_OVPN_TAG_NS_CERT_TYPE "ns-cert-type"
#define NMV_OVPN_TAG_PERSIST_KEY "persist-key"
#define NMV_OVPN_TAG_PERSIST_TUN "persist-tun"
#define NMV_OVPN_TAG_PING_EXIT "ping-exit"
#define NMV_OVPN_TAG_PING "ping"
#define NMV_OVPN_TAG_PING_EXIT "ping-exit"
#define NMV_OVPN_TAG_PING_RESTART "ping-restart"
#define NMV_OVPN_TAG_PKCS12 "pkcs12"
#define NMV_OVPN_TAG_PORT "port"
#define NMV_OVPN_TAG_PROTO "proto"
#define NMV_OVPN_TAG_REMOTE "remote"
#define NMV_OVPN_TAG_REMOTE_CERT_TLS "remote-cert-tls"
#define NMV_OVPN_TAG_REMOTE_RANDOM "remote-random"
#define NMV_OVPN_TAG_REMOTE "remote"
#define NMV_OVPN_TAG_RENEG_SEC "reneg-sec"
#define NMV_OVPN_TAG_ROUTE "route"
#define NMV_OVPN_TAG_RPORT "rport"
#define NMV_OVPN_TAG_SCRIPT_SECURITY "script-security"
#define NMV_OVPN_TAG_SECRET "secret"
#define NMV_OVPN_TAG_SERVER_POLL_TIMEOUT "server-poll-timeout"
#define NMV_OVPN_TAG_SOCKS_PROXY_RETRY "socks-proxy-retry"
#define NMV_OVPN_TAG_SOCKS_PROXY "socks-proxy"
#define NMV_OVPN_TAG_SOCKS_PROXY_RETRY "socks-proxy-retry"
#define NMV_OVPN_TAG_TLS_AUTH "tls-auth"
#define NMV_OVPN_TAG_TLS_CIPHER "tls-cipher"
#define NMV_OVPN_TAG_TLS_CLIENT "tls-client"
......@@ -100,4 +101,10 @@ gssize nmovpn_remote_parse (const char *str,
const char **out_proto,
GError **error);
static inline const char *
nmovpn_arg_is_set (const char *value)
{
return (value && value[0]) ? value : NULL;
}
#endif /* UTILS_H */
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment