From 5124acb300405946602b4ff048bf7499e6d82347 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 27 May 2015 10:47:49 +0200 Subject: [PATCH 1/1] service: only set reneg-sec option in TLS mode Fixes: bfc4464c9b6d7a00be013eee9a4132a1f9c6fbb9 https://bugzilla.gnome.org/show_bug.cgi?id=749050 https://bugzilla.redhat.com/show_bug.cgi?id=1225218 (cherry picked from commit 0fd197dc4221708dd37ee256952e8d080356676e) --- src/nm-openvpn-service.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c index 7cb9438..0a4d5bf 100644 --- a/src/nm-openvpn-service.c +++ b/src/nm-openvpn-service.c @@ -733,6 +733,14 @@ validate_connection_type (const char *ctype) return NULL; } +static gboolean +connection_type_is_tls_mode (const char *connection_type) +{ + return strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0 + || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) == 0 + || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0; +} + static const char * nm_find_openvpn (void) { @@ -1108,7 +1116,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, /* Reneg seconds */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS); - if (tmp && strlen (tmp)) { + if (!connection_type_is_tls_mode (connection_type)) { + /* Ignore --reneg-sec option if we are not in TLS mode (as enabled + * by --client below). openvpn will error out otherwise, see bgo#749050. */ + } else if (tmp && strlen (tmp)) { add_openvpn_arg (args, "--reneg-sec"); if (!add_openvpn_arg_int (args, tmp)) { g_set_error (error, -- 2.1.0