From: Tobias Brunner Date: Thu, 29 Jun 2017 10:58:58 +0000 (+0200) Subject: android: Add flag to suppress sending certificate requests X-Git-Tag: 5.6.0dr1~22^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3f0592d0fdf372214df4bc8f7c3e5f00bdd59f8c;p=thirdparty%2Fstrongswan.git android: Add flag to suppress sending certificate requests --- diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java index df9eb72d21..f4e2899d12 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java @@ -30,6 +30,7 @@ public class VpnProfile implements Cloneable /* While storing this as EnumSet would be nicer this simplifies storing it in a database */ public static final int SPLIT_TUNNELING_BLOCK_IPV4 = 1; public static final int SPLIT_TUNNELING_BLOCK_IPV6 = 2; + public static final int FLAGS_SUPPRESS_CERT_REQS = 1; private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate; private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps; diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java index d8b4b4e448..235681772e 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java @@ -258,6 +258,7 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe writer.setValue("connection.password", mCurrentProfile.getPassword()); writer.setValue("connection.local_id", mCurrentProfile.getLocalId()); writer.setValue("connection.remote_id", mCurrentProfile.getRemoteId()); + writer.setValue("connection.certreq", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0); initiate(writer.serialize()); } else diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c index 33585df322..b43507cafb 100644 --- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c +++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c @@ -737,11 +737,14 @@ static job_requeue_t initiate(private_android_service_t *this) }; char *type, *server, *remote_id; int port; + bool certreq; server = this->settings->get_str(this->settings, "connection.server", NULL); port = this->settings->get_int(this->settings, "connection.port", IKEV2_UDP_PORT); - ike_cfg = ike_cfg_create(IKEV2, TRUE, TRUE, "0.0.0.0", + certreq = this->settings->get_bool(this->settings, "connection.certreq", + TRUE); + ike_cfg = ike_cfg_create(IKEV2, certreq, TRUE, "0.0.0.0", charon->socket->get_port(charon->socket, FALSE), server, port, FRAGMENTATION_YES, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));