commit 25bf7dd52c1b1a64ae78f90518c79749b0786d4b Author: TJ Date: Wed Mar 23 22:43:36 2016 +0000 add -tls-cipher support diff --git a/debian/changelog b/debian/changelog index 35ce8c7..2f3ed86 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +network-manager-openvpn (0.9.10.0-1ubuntu3~tjppa) wily; urgency=low + + * debian/patches/03-support-option-tls-cipher.patch: + - Support specifying the --tls-cipher option + + -- TJ Wed, 23 Mar 2016 22:35:00 +0000 + network-manager-openvpn (0.9.10.0-1ubuntu2) wily; urgency=medium * debian/patches/02-build-specify-NM_VERSION_MIN_REQUIRED.patch: diff --git a/debian/patches/03-support-option-tls-cipher.patch b/debian/patches/03-support-option-tls-cipher.patch new file mode 100644 index 0000000..b793777 --- /dev/null +++ b/debian/patches/03-support-option-tls-cipher.patch @@ -0,0 +1,38 @@ +diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c +index 84968e8..429e64d 100644 +--- a/src/nm-openvpn-service.c ++++ b/src/nm-openvpn-service.c +@@ -126,6 +126,7 @@ static ValidProperty valid_properties[] = { + { NM_OPENVPN_KEY_TAP_DEV, G_TYPE_BOOLEAN, 0, 0, FALSE }, + { NM_OPENVPN_KEY_DEV, G_TYPE_STRING, 0, 0, FALSE }, + { NM_OPENVPN_KEY_DEV_TYPE, G_TYPE_STRING, 0, 0, FALSE }, ++ { NM_OPENVPN_KEY_TLS_CIPHER, G_TYPE_STRING, 0, 0, FALSE}, + { NM_OPENVPN_KEY_TLS_REMOTE, G_TYPE_STRING, 0, 0, FALSE }, + { NM_OPENVPN_KEY_REMOTE_CERT_TLS, G_TYPE_STRING, 0, 0, FALSE }, + { NM_OPENVPN_KEY_TUNNEL_MTU, G_TYPE_INT, 0, G_MAXINT, FALSE }, +@@ -1048,6 +1049,13 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, + add_openvpn_arg (args, tmp); + } + ++ /* TLS Ciphers */ ++ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_CIPHER); ++ if (tmp && strlen(tmp)) { ++ add_openvpn_arg (args, "--tls-cipher"); ++ add_openvpn_arg (args, tmp); ++ } ++ + /* tls-remote */ + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE); + if (tmp && strlen (tmp)) { +diff --git a/src/nm-openvpn-service.h b/src/nm-openvpn-service.h +index 5493cf5..4b47109 100644 +--- a/src/nm-openvpn-service.h ++++ b/src/nm-openvpn-service.h +@@ -63,6 +63,7 @@ + #define NM_OPENVPN_KEY_STATIC_KEY_DIRECTION "static-key-direction" + #define NM_OPENVPN_KEY_TA "ta" + #define NM_OPENVPN_KEY_TA_DIR "ta-dir" ++#define NM_OPENVPN_KEY_TLS_CIPHER "tls-cipher" + #define NM_OPENVPN_KEY_TUNNEL_MTU "tunnel-mtu" + #define NM_OPENVPN_KEY_USERNAME "username" + #define NM_OPENVPN_KEY_TAP_DEV "tap-dev" diff --git a/debian/patches/series b/debian/patches/series index 520964d..dc30995 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ # Debian patches for network-manager-openvpn 01-export-user-nobody.patch 02-build-specify-NM_VERSION_MIN_REQUIRED.patch +03-support-option-tls-cipher.patch diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c index 84968e8..429e64d 100644 --- a/src/nm-openvpn-service.c +++ b/src/nm-openvpn-service.c @@ -126,6 +126,7 @@ static ValidProperty valid_properties[] = { { NM_OPENVPN_KEY_TAP_DEV, G_TYPE_BOOLEAN, 0, 0, FALSE }, { NM_OPENVPN_KEY_DEV, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_DEV_TYPE, G_TYPE_STRING, 0, 0, FALSE }, + { NM_OPENVPN_KEY_TLS_CIPHER, G_TYPE_STRING, 0, 0, FALSE}, { NM_OPENVPN_KEY_TLS_REMOTE, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_REMOTE_CERT_TLS, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_TUNNEL_MTU, G_TYPE_INT, 0, G_MAXINT, FALSE }, @@ -1048,6 +1049,13 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, add_openvpn_arg (args, tmp); } + /* TLS Ciphers */ + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_CIPHER); + if (tmp && strlen(tmp)) { + add_openvpn_arg (args, "--tls-cipher"); + add_openvpn_arg (args, tmp); + } + /* tls-remote */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE); if (tmp && strlen (tmp)) { diff --git a/src/nm-openvpn-service.h b/src/nm-openvpn-service.h index 5493cf5..4b47109 100644 --- a/src/nm-openvpn-service.h +++ b/src/nm-openvpn-service.h @@ -63,6 +63,7 @@ #define NM_OPENVPN_KEY_STATIC_KEY_DIRECTION "static-key-direction" #define NM_OPENVPN_KEY_TA "ta" #define NM_OPENVPN_KEY_TA_DIR "ta-dir" +#define NM_OPENVPN_KEY_TLS_CIPHER "tls-cipher" #define NM_OPENVPN_KEY_TUNNEL_MTU "tunnel-mtu" #define NM_OPENVPN_KEY_USERNAME "username" #define NM_OPENVPN_KEY_TAP_DEV "tap-dev"