android: Add flag to suppress sending certificate requests
authorTobias Brunner <tobias@strongswan.org>
Thu, 29 Jun 2017 10:58:58 +0000 (12:58 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 3 Jul 2017 08:37:09 +0000 (10:37 +0200)
src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c

index df9eb72..f4e2899 100644 (file)
@@ -30,6 +30,7 @@ public class VpnProfile implements Cloneable
        /* While storing this as EnumSet would be nicer this simplifies storing it in a database */
        public static final int SPLIT_TUNNELING_BLOCK_IPV4 = 1;
        public static final int SPLIT_TUNNELING_BLOCK_IPV6 = 2;
+       public static final int FLAGS_SUPPRESS_CERT_REQS = 1;
 
        private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
        private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
index d8b4b4e..2356817 100644 (file)
@@ -258,6 +258,7 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
                                                        writer.setValue("connection.password", mCurrentProfile.getPassword());
                                                        writer.setValue("connection.local_id", mCurrentProfile.getLocalId());
                                                        writer.setValue("connection.remote_id", mCurrentProfile.getRemoteId());
+                                                       writer.setValue("connection.certreq", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0);
                                                        initiate(writer.serialize());
                                                }
                                                else
index 33585df..b43507c 100644 (file)
@@ -737,11 +737,14 @@ static job_requeue_t initiate(private_android_service_t *this)
        };
        char *type, *server, *remote_id;
        int port;
+       bool certreq;
 
        server = this->settings->get_str(this->settings, "connection.server", NULL);
        port = this->settings->get_int(this->settings, "connection.port",
                                                                   IKEV2_UDP_PORT);
-       ike_cfg = ike_cfg_create(IKEV2, TRUE, TRUE, "0.0.0.0",
+       certreq = this->settings->get_bool(this->settings, "connection.certreq",
+                                                                          TRUE);
+       ike_cfg = ike_cfg_create(IKEV2, certreq, TRUE, "0.0.0.0",
                                                         charon->socket->get_port(charon->socket, FALSE),
                                                         server, port, FRAGMENTATION_YES, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));