/*
- * Copyright (C) 2012-2017 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager
* HSR Hochschule fuer Technik Rapperswil
/* While storing this as EnumSet would be nicer this simplifies storing it in a database */
public static final int SPLIT_TUNNELING_BLOCK_IPV4 = 1;
public static final int SPLIT_TUNNELING_BLOCK_IPV6 = 2;
- public static final int FLAGS_SUPPRESS_CERT_REQS = 1;
+
+ public static final int FLAGS_SUPPRESS_CERT_REQS = 1 << 0;
+ public static final int FLAGS_DISABLE_CRL = 1 << 1;
+ public static final int FLAGS_DISABLE_OCSP = 1 << 2;
+ public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
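Review bot: The four FLAGS_* constants have no comment and their polarity is mixed: FLAGS_DISABLE_CRL and FLAGS_DISABLE_OCSP turn a check off, while FLAGS_STRICT_REVOCATION turns one on. A profile stored with flags 0 therefore gets CRL and OCSP enabled but non-strict handling. The comment above says the split-tunneling values are ints to simplify database storage, and the flags are presumably persisted the same way. I would add above them `/* bit flags stored with the profile, never renumber; 0 = CRL and OCSP enabled, strict revocation off */`. The class body continues outside this section.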
writer.setValue("global.language", Locale.getDefault().getLanguage());
writer.setValue("global.mtu", mCurrentProfile.getMTU());
writer.setValue("global.nat_keepalive", mCurrentProfile.getNATKeepAlive());
+ writer.setValue("global.crl", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_CRL) == 0);
+ writer.setValue("global.ocsp", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_OCSP) == 0);
writer.setValue("connection.type", mCurrentProfile.getVpnType().getIdentifier());
writer.setValue("connection.server", mCurrentProfile.getGateway());
writer.setValue("connection.port", mCurrentProfile.getPort());
writer.setValue("connection.local_id", mCurrentProfile.getLocalId());
writer.setValue("connection.remote_id", mCurrentProfile.getRemoteId());
writer.setValue("connection.certreq", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0);
+ writer.setValue("connection.strict_revocation", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_STRICT_REVOCATION) != 0);
writer.setValue("connection.ike_proposal", mCurrentProfile.getIkeProposal());
writer.setValue("connection.esp_proposal", mCurrentProfile.getEspProposal());
initiate(writer.serialize());
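Review bot: The three revocation settings are written independently, so a profile with FLAGS_STRICT_REVOCATION set together with both FLAGS_DISABLE_CRL and FLAGS_DISABLE_OCSP is passed to the daemon unchanged. With no revocation source enabled, the strict constraint can presumably never be met, and the user would only see authentication fail. Rejecting or at least logging that combination here (or in the profile editor) would make the cause visible. Minor style: `getFlags()` is now called four times; `int flags = mCurrentProfile.getFlags();` ahead of the writes would let each line read `(flags & VpnProfile.FLAGS_DISABLE_CRL) == 0`. The enclosing method starts and ends outside this section.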
/*
- * Copyright (C) 2010-2017 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager
* HSR Hochschule fuer Technik Rapperswil
}
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ if (this->settings->get_bool(this->settings, "connection.strict_revocation", FALSE))
+ {
+ auth->add(auth, AUTH_RULE_CRL_VALIDATION, VALIDATION_GOOD);
+ }
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
child_cfg = child_cfg_create("android", &child);
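Review bot: The new `connection.strict_revocation` branch defaults to FALSE with no comment on what that means for security. Without the AUTH_RULE_CRL_VALIDATION constraint, a gateway certificate whose revocation status cannot be determined (CRL/OCSP unreachable or stale) appears to be accepted. I would add above the `if`: `/* only accept the server certificate if its revocation status was successfully verified; by default an unreachable or stale CRL/OCSP response does not fail authentication */`. The rule is named for CRLs, so the comment should also say whether a good OCSP response satisfies it, which is not visible here. The enclosing function starts and ends outside this section.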
/*
- * Copyright (C) 2012-2017 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager
* HSR Hochschule fuer Technik Rapperswil
lib->settings->set_str(lib->settings,
"charon.plugins.tnc-imc.preferred_language",
settings->get_str(settings, "global.language", "en"));
+ lib->settings->set_bool(lib->settings,
+ "charon.plugins.revocation.enable_crl",
+ settings->get_bool(settings, "global.crl", TRUE));
+ lib->settings->set_bool(lib->settings,
+ "charon.plugins.revocation.enable_ocsp",
+ settings->get_bool(settings, "global.ocsp", TRUE));
/* this is actually the size of the complete IKE/IP packet, so if the MTU
* for the TUN devices has to be reduced to pass traffic the IKE packets
* will be a bit smaller than necessary as there is no IPsec overhead like
settings->get_int(settings, "global.nat_keepalive",
ANDROID_KEEPALIVE_INTERVAL));
+ /* reload plugins after changing settings */
+ lib->plugins->reload(lib->plugins, NULL);
+
this->creds->clear(this->creds);
DESTROY_IF(this->service);
this->service = android_service_create(this->creds, settings);
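Review bot: The result of `lib->plugins->reload(lib->plugins, NULL)` is discarded, so nothing here shows that the revocation plugin actually picked up the new `enable_crl` / `enable_ocsp` values. If reload reports how many plugins were reloaded (its signature is not visible here), checking and logging that would help. Otherwise a profile that expects CRL/OCSP checks could silently run with the state left by a previous profile that disabled them. Passing NULL also appears to reload every plugin on each connection attempt; if the call accepts a plugin list, limiting it to the revocation plugin would keep the side effects narrow. The enclosing function starts and ends outside this section.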