core: fix static-key connections failure due to reneg-sec (rh #1225218)

epel8
Thomas Haller 10 years ago
parent 4ac86f4a12
commit 6cd1e5f708

@ -0,0 +1,49 @@
From 5124acb300405946602b4ff048bf7499e6d82347 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 27 May 2015 10:47:49 +0200
Subject: [PATCH 1/1] service: only set reneg-sec option in TLS mode
Fixes: bfc4464c9b6d7a00be013eee9a4132a1f9c6fbb9
https://bugzilla.gnome.org/show_bug.cgi?id=749050
https://bugzilla.redhat.com/show_bug.cgi?id=1225218
(cherry picked from commit 0fd197dc4221708dd37ee256952e8d080356676e)
---
src/nm-openvpn-service.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 7cb9438..0a4d5bf 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -733,6 +733,14 @@ validate_connection_type (const char *ctype)
return NULL;
}
+static gboolean
+connection_type_is_tls_mode (const char *connection_type)
+{
+ return strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0
+ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) == 0
+ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0;
+}
+
static const char *
nm_find_openvpn (void)
{
@@ -1108,7 +1116,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
/* Reneg seconds */
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
- if (tmp && strlen (tmp)) {
+ if (!connection_type_is_tls_mode (connection_type)) {
+ /* Ignore --reneg-sec option if we are not in TLS mode (as enabled
+ * by --client below). openvpn will error out otherwise, see bgo#749050. */
+ } else if (tmp && strlen (tmp)) {
add_openvpn_arg (args, "--reneg-sec");
if (!add_openvpn_arg_int (args, tmp)) {
g_set_error (error,
--
2.1.0

@ -5,7 +5,7 @@ Summary: NetworkManager VPN plugin for OpenVPN
Name: NetworkManager-openvpn Name: NetworkManager-openvpn
Epoch: 1 Epoch: 1
Version: 1.0.2 Version: 1.0.2
Release: 1%{?snapshot}%{?dist} Release: 2%{?snapshot}%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://www.gnome.org/projects/NetworkManager/ URL: http://www.gnome.org/projects/NetworkManager/
Group: System Environment/Base Group: System Environment/Base
@ -16,6 +16,8 @@ Group: System Environment/Base
# mv NetworkManager-openvpn-0.9.9.0.tar.bz2 NetworkManager-openvpn-0.9.9.0-5afb8eb.tar.bz2 # mv NetworkManager-openvpn-0.9.9.0.tar.bz2 NetworkManager-openvpn-0.9.9.0-5afb8eb.tar.bz2
Source0: http://ftp.gnome.org/pub/GNOME/sources/%{name}/1.0/%{name}-%{version}%{?commit:-%{commit}}.tar.xz Source0: http://ftp.gnome.org/pub/GNOME/sources/%{name}/1.0/%{name}-%{version}%{?commit:-%{commit}}.tar.xz
Patch0: 0001-reneg-sec.patch
BuildRequires: gtk3-devel BuildRequires: gtk3-devel
BuildRequires: dbus-devel BuildRequires: dbus-devel
BuildRequires: NetworkManager-devel BuildRequires: NetworkManager-devel
@ -58,6 +60,7 @@ the OpenVPN server with NetworkManager (GNOME files).
%prep %prep
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
%patch0 -p1 -b .0001-reneg-sec.orig
%build %build
if [ ! -f configure ]; then if [ ! -f configure ]; then
@ -95,6 +98,9 @@ rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la
%{_datadir}/gnome-vpn-properties/openvpn/nm-openvpn-dialog.ui %{_datadir}/gnome-vpn-properties/openvpn/nm-openvpn-dialog.ui
%changelog %changelog
* Thu May 28 2015 Thomas Haller <thaller@redhat.com> - 1:1.0.2-2
- core: fix static-key connections failure due to reneg-sec (rh #1225218)
* Tue May 5 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:1.0.2-1 * Tue May 5 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:1.0.2-1
- Update to 1.0.2 release - Update to 1.0.2 release

Loading…
Cancel
Save