diff -ru network-manager-openvpn-0.9.10.0-orig/properties/auth-helpers.c network-manager-openvpn-0.9.10.0/properties/auth-helpers.c
--- network-manager-openvpn-0.9.10.0-orig/properties/auth-helpers.c 2014-06-30 15:59:32.000000000 +0200
+++ network-manager-openvpn-0.9.10.0/properties/auth-helpers.c 2015-12-03 15:27:17.530258680 +0100
@@ -967,6 +967,7 @@
NM_OPENVPN_KEY_TLS_REMOTE,
NM_OPENVPN_KEY_REMOTE_RANDOM,
NM_OPENVPN_KEY_REMOTE_CERT_TLS,
+ NM_OPENVPN_KEY_TLS_VERSION_MAX,
NULL
};
@@ -1267,6 +1268,11 @@
#define DEVICE_TYPE_IDX_TUN 0
#define DEVICE_TYPE_IDX_TAP 1
+#define TLS_VERSION_NONE -1
+#define TLS_VERSION_1_0 0
+#define TLS_VERSION_1_1 1
+#define TLS_VERSION_1_2 2
+
static void
proxy_type_changed (GtkComboBox *combo, gpointer user_data)
{
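Review bot: The new `TLS_VERSION_1_0`/`_1_1`/`_1_2` constants are used as row indices of `tls_version_max_combo` (they are passed to `gtk_combo_box_set_active` and compared with `gtk_combo_box_get_active` in the later hunks), but neither their names nor a comment say so. The neighbouring `DEVICE_TYPE_IDX_TUN`/`DEVICE_TYPE_IDX_TAP` already use an `_IDX_` naming for the same purpose, so `TLS_VERSION_IDX_1_0` etc. would be consistent with them. A short comment such as `/* Row indices of tls_version_max_combo; must match the order the list store is filled in */` above the block would document the coupling.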
@@ -1421,6 +1427,7 @@
GtkListStore *store;
GtkTreeIter iter;
guint32 active = PROXY_TYPE_NONE;
+ gint32 tls_version_max = TLS_VERSION_NONE;
GError *error = NULL;
g_return_val_if_fail (hash != NULL, NULL);
@@ -1688,6 +1695,41 @@
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_version_max_checkbutton"));
+ g_assert (widget);
+ combo = GTK_WIDGET (gtk_builder_get_object (builder, "tls_version_max_combo"));
+ g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (checkbox_toggled_update_widget_cb), combo);
+
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TLS_VERSION_MAX);
+ tls_version_max = TLS_VERSION_NONE;
+ if (!g_strcmp0(value, "1.0"))
+ tls_version_max = TLS_VERSION_1_0;
+ else if (!g_strcmp0(value, "1.1"))
+ tls_version_max = TLS_VERSION_1_1;
+ else if (!g_strcmp0(value, "1.2"))
+ tls_version_max = TLS_VERSION_1_2;
+
+ store = gtk_list_store_new (1, G_TYPE_STRING);
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter, 0, _("1.0"), -1);
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter, 0, _("1.1"), -1);
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter, 0, _("1.2"), -1);
+ gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (store));
+ g_object_unref (store);
+
+ if (tls_version_max != TLS_VERSION_NONE) {
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
+ gtk_combo_box_set_active (GTK_COMBO_BOX (combo), tls_version_max);
+ gtk_widget_set_sensitive (combo, TRUE);
+
+ } else {
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), FALSE);
+ gtk_combo_box_set_active (GTK_COMBO_BOX (combo), TLS_VERSION_1_2);
+ gtk_widget_set_sensitive (combo, FALSE);
+ }
+
widget = GTK_WIDGET (gtk_builder_get_object (builder, "cipher_combo"));
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
populate_cipher_combo (GTK_COMBO_BOX (widget), value);
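Review bot: A stored value of "1.3" falls through the `g_strcmp0` chain to `TLS_VERSION_NONE`, so the dialog shows the cap as disabled, although the importer hunk in import-export.c accepts "1.3" as valid. With the checkbox left unticked, the save hunk at -1940 inserts no `tls-version-max` key, so opening and confirming the advanced dialog would appear to drop an imported 1.3 cap silently. Either add a fourth row plus a `TLS_VERSION_1_3` index here and in the save path, or make the importer reject "1.3", so that both sides agree on one set of values. Separately, `g_assert (widget)` checks only the check button; `combo` is used unchecked. The enclosing function starts and ends outside this hunk.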
@@ -1940,6 +1982,26 @@
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_REMOTE_RANDOM), g_strdup ("yes"));
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_version_max_checkbutton"));
+ if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
+ int tls_version_max;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_version_max_combo"));
+ tls_version_max = gtk_combo_box_get_active (GTK_COMBO_BOX (widget));
+ if (tls_version_max == TLS_VERSION_1_0)
+ g_hash_table_insert (hash,
+ g_strdup (NM_OPENVPN_KEY_TLS_VERSION_MAX),
+ g_strdup ("1.0"));
+ else if (tls_version_max == TLS_VERSION_1_1)
+ g_hash_table_insert (hash,
+ g_strdup (NM_OPENVPN_KEY_TLS_VERSION_MAX),
+ g_strdup ("1.1"));
+ else if (tls_version_max == TLS_VERSION_1_2)
+ g_hash_table_insert (hash,
+ g_strdup (NM_OPENVPN_KEY_TLS_VERSION_MAX),
+ g_strdup ("1.2"));
+ }
+
widget = GTK_WIDGET (gtk_builder_get_object (builder, "cipher_combo"));
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
diff -ru network-manager-openvpn-0.9.10.0-orig/properties/import-export.c network-manager-openvpn-0.9.10.0/properties/import-export.c
--- network-manager-openvpn-0.9.10.0-orig/properties/import-export.c 2015-12-03 15:21:29.000000000 +0100
+++ network-manager-openvpn-0.9.10.0/properties/import-export.c 2015-12-03 15:20:59.509564127 +0100
@@ -73,6 +73,7 @@
#define TLS_CLIENT_TAG "tls-client"
#define TLS_REMOTE_TAG "tls-remote "
#define REMOTE_CERT_TLS_TAG "remote-cert-tls "
+#define TLS_VERSION_MAX_TAG "tls-version-max "
#define TUNMTU_TAG "tun-mtu "
@@ -651,6 +652,21 @@
continue;
}
+ if (!strncmp (*line, TLS_VERSION_MAX_TAG, strlen (TLS_VERSION_MAX_TAG))) {
+ items = get_args (*line + strlen (TLS_VERSION_MAX_TAG), &nitems);
+ if (nitems == 1) {
+ if (!strcmp (items[0], "1.0") || !strcmp (items[0], "1.1") ||
+ !strcmp (items[0], "1.2") || !strcmp (items[0], "1.3"))
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TLS_VERSION_MAX, items[0]);
+ else
+ g_warning ("%s: unknown %s option '%s'", __func__, TLS_VERSION_MAX_TAG, *line);
+ } else
+ g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
+
+ g_strfreev (items);
+ continue;
+ }
+
if (!strncmp (*line, IFCONFIG_TAG, strlen (IFCONFIG_TAG))) {
items = get_args (*line + strlen (IFCONFIG_TAG), &nitems);
if (nitems == 2) {
@@ -774,6 +790,7 @@
const char *remote_ip = NULL;
const char *tls_remote = NULL;
const char *remote_cert_tls = NULL;
+ const char *tls_version_max = NULL;
const char *tls_auth = NULL;
const char *tls_auth_dir = NULL;
const char *device = NULL;
@@ -850,6 +867,11 @@
if (value && strlen (value))
tls_remote = value;
+ /* Export tls-version-max value */
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_VERSION_MAX);
+ if (value && strlen (value))
+ tls_version_max = value;
+
/* Advanced values start */
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PORT);
if (value && strlen (value))
@@ -1004,6 +1026,9 @@
}
}
+ if (tls_version_max)
+ fprintf (f,"tls-version-max \"%s\"\n", tls_version_max);
+
/* Proxy stuff */
proxy_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE);
if (proxy_type && strlen (proxy_type)) {
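Review bot: `tls_version_max` is written between double quotes with no check of its content, so a stored value containing a `"` or a newline would put text outside the intended directive into the exported file. The hunk at -850 tests only for a non-empty string, and nothing visible in this patch restricts the data item to the versions the importer accepts. Compare the value against that set before the `fprintf` and skip the line with a `g_warning` otherwise; once the value is known to be a bare version number the quotes are unnecessary, `fprintf (f, "tls-version-max %s\n", tls_version_max);`. The export function starts and ends outside this hunk.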
diff -ru network-manager-openvpn-0.9.10.0-orig/properties/nm-openvpn-dialog.ui network-manager-openvpn-0.9.10.0/properties/nm-openvpn-dialog.ui
--- network-manager-openvpn-0.9.10.0-orig/properties/nm-openvpn-dialog.ui 2014-06-30 15:59:32.000000000 +0200
+++ network-manager-openvpn-0.9.10.0/properties/nm-openvpn-dialog.ui 2015-12-03 15:43:36.411364935 +0100
@@ -977,6 +977,55 @@
2
+
+
+
+ False
+ True
+ 9
+
+
diff -ru network-manager-openvpn-0.9.10.0-orig/src/nm-openvpn-service.c network-manager-openvpn-0.9.10.0/src/nm-openvpn-service.c
--- network-manager-openvpn-0.9.10.0-orig/src/nm-openvpn-service.c 2014-06-30 15:59:32.000000000 +0200
+++ network-manager-openvpn-0.9.10.0/src/nm-openvpn-service.c 2015-12-03 15:20:13.199846584 +0100
@@ -127,6 +127,7 @@
{ NM_OPENVPN_KEY_DEV, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_DEV_TYPE, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_TLS_REMOTE, G_TYPE_STRING, 0, 0, FALSE },
+ { NM_OPENVPN_KEY_TLS_VERSION_MAX, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_REMOTE_CERT_TLS, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_TUNNEL_MTU, G_TYPE_INT, 0, G_MAXINT, FALSE },
{ NM_OPENVPN_KEY_USERNAME, G_TYPE_STRING, 0, 0, FALSE },
@@ -1062,6 +1063,13 @@
add_openvpn_arg (args, tmp);
}
+ /* tls-version-max */
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_VERSION_MAX);
+ if (tmp && strlen (tmp)) {
+ add_openvpn_arg (args, "--tls-version-max");
+ add_openvpn_arg (args, tmp);
+ }
+
/* Reneg seconds */
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
if (tmp && strlen (tmp)) {
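Review bot: The value is handed to `--tls-version-max` after only a non-empty check, and the table entry added at -127 declares it as a plain `G_TYPE_STRING`, so as far as these hunks show the service accepts any string for this key. Because the option caps the TLS version the tunnel may negotiate, the service should restrict it to the known versions itself rather than rely on the dialog or importer, for example `if (tmp && (!strcmp (tmp, "1.0") || !strcmp (tmp, "1.1") || !strcmp (tmp, "1.2") || !strcmp (tmp, "1.3"))) {`, and fail the connection on anything else. A `g_warning` when the cap is below 1.2 would also make a weak setting visible in the logs. The enclosing function starts and ends outside this hunk.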
diff -ru network-manager-openvpn-0.9.10.0-orig/src/nm-openvpn-service.h network-manager-openvpn-0.9.10.0/src/nm-openvpn-service.h
--- network-manager-openvpn-0.9.10.0-orig/src/nm-openvpn-service.h 2014-06-30 15:59:32.000000000 +0200
+++ network-manager-openvpn-0.9.10.0/src/nm-openvpn-service.h 2015-12-03 12:08:41.254196953 +0100
@@ -70,6 +70,7 @@
#define NM_OPENVPN_KEY_DEV_TYPE "dev-type"
#define NM_OPENVPN_KEY_TLS_REMOTE "tls-remote"
#define NM_OPENVPN_KEY_REMOTE_CERT_TLS "remote-cert-tls"
+#define NM_OPENVPN_KEY_TLS_VERSION_MAX "tls-version-max"
#define NM_OPENVPN_KEY_PASSWORD "password"
#define NM_OPENVPN_KEY_CERTPASS "cert-pass"