From 3f0592d0fdf372214df4bc8f7c3e5f00bdd59f8c Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 29 Jun 2017 12:58:58 +0200
Subject: android: Add flag to suppress sending certificate requests

---
 .../app/src/main/java/org/strongswan/android/data/VpnProfile.java    | 1 +
 .../src/main/java/org/strongswan/android/logic/CharonVpnService.java | 1 +
 .../app/src/main/jni/libandroidbridge/backend/android_service.c      | 5 ++++-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
index df9eb72d2..f4e2899d1 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
@@ -30,6 +30,7 @@ public class VpnProfile implements Cloneable
 	/* While storing this as EnumSet would be nicer this simplifies storing it in a database */
 	public static final int SPLIT_TUNNELING_BLOCK_IPV4 = 1;
 	public static final int SPLIT_TUNNELING_BLOCK_IPV6 = 2;
+	public static final int FLAGS_SUPPRESS_CERT_REQS = 1;
 
 	private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
 	private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
index d8b4b4e44..235681772 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
@@ -258,6 +258,7 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
 							writer.setValue("connection.password", mCurrentProfile.getPassword());
 							writer.setValue("connection.local_id", mCurrentProfile.getLocalId());
 							writer.setValue("connection.remote_id", mCurrentProfile.getRemoteId());
+							writer.setValue("connection.certreq", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0);
 							initiate(writer.serialize());
 						}
 						else
diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
index 33585df32..b43507caf 100644
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@ -737,11 +737,14 @@ static job_requeue_t initiate(private_android_service_t *this)
 	};
 	char *type, *server, *remote_id;
 	int port;
+	bool certreq;
 
 	server = this->settings->get_str(this->settings, "connection.server", NULL);
 	port = this->settings->get_int(this->settings, "connection.port",
 								   IKEV2_UDP_PORT);
-	ike_cfg = ike_cfg_create(IKEV2, TRUE, TRUE, "0.0.0.0",
+	certreq = this->settings->get_bool(this->settings, "connection.certreq",
+									   TRUE);
+	ike_cfg = ike_cfg_create(IKEV2, certreq, TRUE, "0.0.0.0",
 							 charon->socket->get_port(charon->socket, FALSE),
 							 server, port, FRAGMENTATION_YES, 0);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
-- 
cgit v1.2.3