sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-11-04 00:00:51 -05:00
Code Issues Projects Releases Wiki Activity

android: Add flag to enable RSA/PSS

Browse Source
This commit is contained in:
Tobias Brunner 2018-06-21 12:09:47 +02:00
parent ad2d20e5f0
commit 205ec47ddb
3 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
View File

@ -35,6 +35,7 @@ public class VpnProfile implements Cloneable
public static final int FLAGS_DISABLE_CRL = 1 << 1; public static final int FLAGS_DISABLE_CRL = 1 << 1;
public static final int FLAGS_DISABLE_OCSP = 1 << 2; public static final int FLAGS_DISABLE_OCSP = 1 << 2;
public static final int FLAGS_STRICT_REVOCATION = 1 << 3; public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
public static final int FLAGS_RSA_PSS = 1 << 4;
private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate; private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps; private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;

1
src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
View File

@ -301,6 +301,7 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
writer.setValue("global.language", Locale.getDefault().getLanguage()); writer.setValue("global.language", Locale.getDefault().getLanguage());
writer.setValue("global.mtu", mCurrentProfile.getMTU()); writer.setValue("global.mtu", mCurrentProfile.getMTU());
writer.setValue("global.nat_keepalive", mCurrentProfile.getNATKeepAlive()); writer.setValue("global.nat_keepalive", mCurrentProfile.getNATKeepAlive());
writer.setValue("global.rsa_pss", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_RSA_PSS) != 0);
writer.setValue("global.crl", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_CRL) == 0); writer.setValue("global.crl", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_CRL) == 0);
writer.setValue("global.ocsp", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_OCSP) == 0); writer.setValue("global.ocsp", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_OCSP) == 0);
writer.setValue("connection.type", mCurrentProfile.getVpnType().getIdentifier()); writer.setValue("connection.type", mCurrentProfile.getVpnType().getIdentifier());

3
src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
View File

@ -418,6 +418,9 @@ static void initiate(settings_t *settings)
lib->settings->set_bool(lib->settings, lib->settings->set_bool(lib->settings,
"charon.plugins.revocation.enable_ocsp", "charon.plugins.revocation.enable_ocsp",
settings->get_bool(settings, "global.ocsp", TRUE)); settings->get_bool(settings, "global.ocsp", TRUE));
lib->settings->set_bool(lib->settings,
"charon.rsa_pss",
settings->get_bool(settings, "global.rsa_pss", FALSE));
/* this is actually the size of the complete IKE/IP packet, so if the MTU /* this is actually the size of the complete IKE/IP packet, so if the MTU
* for the TUN devices has to be reduced to pass traffic the IKE packets * for the TUN devices has to be reduced to pass traffic the IKE packets
* will be a bit smaller than necessary as there is no IPsec overhead like * will be a bit smaller than necessary as there is no IPsec overhead like