android: Add flag to suppress sending certificate requests

diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
index df9eb72d21894361b88e542dfb791d0ccdfb82a1..f4e2899d123988c0b9004ce7808d229715fc54a3 100644 (file)
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
@@ -30,6 +30,7 @@ public class VpnProfile implements Cloneable
        /* While storing this as EnumSet would be nicer this simplifies storing it in a database */
        public static final int SPLIT_TUNNELING_BLOCK_IPV4 = 1;
        public static final int SPLIT_TUNNELING_BLOCK_IPV6 = 2;
+       public static final int FLAGS_SUPPRESS_CERT_REQS = 1;
 
        private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
        private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;

diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
index d8b4b4e448eaef24d2284d8025a45b9ad7208377..235681772e01202691156a84d9c41b3154d65741 100644 (file)
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
@@ -258,6 +258,7 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
                                                        writer.setValue("connection.password", mCurrentProfile.getPassword());
                                                        writer.setValue("connection.local_id", mCurrentProfile.getLocalId());
                                                        writer.setValue("connection.remote_id", mCurrentProfile.getRemoteId());
+                                                       writer.setValue("connection.certreq", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0);
                                                        initiate(writer.serialize());
                                                }
                                                else

diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
index 33585df3223feab2be3b2182f22f0157f8d953e2..b43507cafb37f6d9ba5b9f583d6daa5359019c1b 100644 (file)
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@ -737,11 +737,14 @@ static job_requeue_t initiate(private_android_service_t *this)
        };
        char *type, *server, *remote_id;
        int port;
+       bool certreq;
 
        server = this->settings->get_str(this->settings, "connection.server", NULL);
        port = this->settings->get_int(this->settings, "connection.port",
                                                                   IKEV2_UDP_PORT);
-       ike_cfg = ike_cfg_create(IKEV2, TRUE, TRUE, "0.0.0.0",
+       certreq = this->settings->get_bool(this->settings, "connection.certreq",
+                                                                          TRUE);
+       ike_cfg = ike_cfg_create(IKEV2, certreq, TRUE, "0.0.0.0",
                                                         charon->socket->get_port(charon->socket, FALSE),
                                                         server, port, FRAGMENTATION_YES, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));