public static final int FLAGS_DISABLE_CRL = 1 << 1;
public static final int FLAGS_DISABLE_OCSP = 1 << 2;
public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
+ public static final int FLAGS_RSA_PSS = 1 << 4;
private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
writer.setValue("global.language", Locale.getDefault().getLanguage());
writer.setValue("global.mtu", mCurrentProfile.getMTU());
writer.setValue("global.nat_keepalive", mCurrentProfile.getNATKeepAlive());
+ writer.setValue("global.rsa_pss", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_RSA_PSS) != 0);
writer.setValue("global.crl", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_CRL) == 0);
writer.setValue("global.ocsp", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_OCSP) == 0);
writer.setValue("connection.type", mCurrentProfile.getVpnType().getIdentifier());
lib->settings->set_bool(lib->settings,
"charon.plugins.revocation.enable_ocsp",
settings->get_bool(settings, "global.ocsp", TRUE));
+ lib->settings->set_bool(lib->settings,
+ "charon.rsa_pss",
+ settings->get_bool(settings, "global.rsa_pss", FALSE));
/* this is actually the size of the complete IKE/IP packet, so if the MTU
* for the TUN devices has to be reduced to pass traffic the IKE packets
* will be a bit smaller than necessary as there is no IPsec overhead like