GNOME Bugzilla – Bug 763484
Please expose the OpenVPN tls-cipher option
Last modified: 2016-05-19 09:46:18 UTC
tls-cipher is one of the OpenVPN options missing from NetworkManager's GUI. I expect it's ignored by the .ovpn file importer, too, effectively stripping away the protections it is supposed to provide.
I have an Ubuntu version built for tls-cipher support in my PPA at: https://launchpad.net/~tj/+archive/ubuntu/ppa/+packages It doesn't currently have a GUI element though, although that is being thought about.
(In reply to TJ from comment #1)
> I have an Ubuntu version built for tls-cipher support in my PPA at:
>
> https://launchpad.net/~tj/+archive/ubuntu/ppa/+packages
>
> It doesn't currently have a GUI element though, although that is being
> thought about.

Hi TJ,

your downstream patch is for a rather old version of NM. It wouldn't apply on current master.

I fixed it on master and backported it to nm-1-2.

master: https://git.gnome.org/browse/network-manager-openvpn/commit/?id=d7a84afe1d1948c7990a08b18913e65550c222a0
nm-1-2: https://git.gnome.org/browse/network-manager-openvpn/commit/?h=nm-1-2&id=0bb5562a2c8b1924eeb3c671f28853aaaabf70f4

If you clean up your patches and submit them upstream, we can apply them to nm-1-0 and nm-0-9-10 branch too.

Thanks.
Thomas
Thomas: that was fast! I'll put it on my todo list. Sounds like it just needs the master patches backporting. I'm not fabulously familiar with the codebase but I'll take a look soon.
Created attachment 328171
previous patch for Ubuntu 16.04 with n-m-o 1.1.93

I'd forgotten I also wrote a patch for n-m-o 1.1.93 which is in Ubuntu 16.04 Xenial:

network-manager-openvpn (1.1.93-1ubuntu2~tj_ppa1) xenial; urgency=medium

  * debian/patches/04-support-option-tls-cipher.patch
    - Support specifying the --tls-cipher option

 -- TJ <ubuntu@iam.tj>  Sun, 01 May 2016 13:15:31 +0100
Hi TJ,

sorry, there was a misunderstanding. As said in comment 2, I already fixed it for 1.2 (https://git.gnome.org/browse/network-manager-openvpn/commit/?h=nm-1-2&id=0bb5562a2c8b1924eeb3c671f28853aaaabf70f4). You sent a patch for 1.1.93, which is essentially 1.2 (where it is already fixed).

I meant: if you would like to take your patch for the older versions (1.0 or 0.9.10) -- which you already had -- and send it upstream. I tried to take the patch from your Ubuntu package, but it didn't apply. So, if you want to send it for the *old* versions, please rebase it. Ok?

Thank you.