core: fix static-key connections failure due to reneg-sec (rh #1225218)
parent
4ac86f4a12
commit
6cd1e5f708
@ -0,0 +1,49 @@
|
|||||||
|
From 5124acb300405946602b4ff048bf7499e6d82347 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Haller <thaller@redhat.com>
|
||||||
|
Date: Wed, 27 May 2015 10:47:49 +0200
|
||||||
|
Subject: [PATCH 1/1] service: only set reneg-sec option in TLS mode
|
||||||
|
|
||||||
|
Fixes: bfc4464c9b6d7a00be013eee9a4132a1f9c6fbb9
|
||||||
|
|
||||||
|
https://bugzilla.gnome.org/show_bug.cgi?id=749050
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1225218
|
||||||
|
|
||||||
|
(cherry picked from commit 0fd197dc4221708dd37ee256952e8d080356676e)
|
||||||
|
---
|
||||||
|
src/nm-openvpn-service.c | 13 ++++++++++++-
|
||||||
|
1 file changed, 12 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
|
||||||
|
index 7cb9438..0a4d5bf 100644
|
||||||
|
--- a/src/nm-openvpn-service.c
|
||||||
|
+++ b/src/nm-openvpn-service.c
|
||||||
|
@@ -733,6 +733,14 @@ validate_connection_type (const char *ctype)
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static gboolean
|
||||||
|
+connection_type_is_tls_mode (const char *connection_type)
|
||||||
|
+{
|
||||||
|
+ return strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0
|
||||||
|
+ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) == 0
|
||||||
|
+ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static const char *
|
||||||
|
nm_find_openvpn (void)
|
||||||
|
{
|
||||||
|
@@ -1108,7 +1116,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
|
||||||
|
|
||||||
|
/* Reneg seconds */
|
||||||
|
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
|
||||||
|
- if (tmp && strlen (tmp)) {
|
||||||
|
+ if (!connection_type_is_tls_mode (connection_type)) {
|
||||||
|
+ /* Ignore --reneg-sec option if we are not in TLS mode (as enabled
|
||||||
|
+ * by --client below). openvpn will error out otherwise, see bgo#749050. */
|
||||||
|
+ } else if (tmp && strlen (tmp)) {
|
||||||
|
add_openvpn_arg (args, "--reneg-sec");
|
||||||
|
if (!add_openvpn_arg_int (args, tmp)) {
|
||||||
|
g_set_error (error,
|
||||||
|
--
|
||||||
|
2.1.0
|
||||||
|
|
Loading…
Reference in new issue