1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-24 17:19:52 +03:00

Retry connection on untrusted server certificate

With server certificate validation enabled, vpnclient unconditionally
stopped connection on untrusted server certificate. Added account
configuration parameter to retry connection if server certivicate failed
validation.
This commit is contained in:
Joshua Perry 2018-08-05 20:48:05 +02:00 committed by Davide Beatrici
parent 828d3b2ffb
commit 28e8d4bcce
12 changed files with 249 additions and 1 deletions

View File

@ -6242,6 +6242,7 @@ void CmExportAccount(HWND hWnd, wchar_t *account_name)
t.ClientAuth = a->ClientAuth;
t.StartupAccount = a->Startup;
t.CheckServerCert = a->CheckServerCert;
t.RetryOnServerCert = a->RetryOnServerCert;
t.ServerCert = a->ServerCert;
t.ClientOption->FromAdminPack = false;
@ -6381,6 +6382,7 @@ void CmImportAccountMainEx(HWND hWnd, wchar_t *filename, bool overwrite)
// Other Settings
t->StartupAccount = get.StartupAccount;
t->CheckServerCert = get.CheckServerCert;
t->RetryOnServerCert = get.RetryOnServerCert;
if (t->ServerCert != NULL)
{
FreeX(t->ServerCert);
@ -6489,6 +6491,7 @@ void CmCopyAccount(HWND hWnd, wchar_t *account_name)
c.ServerCert = CloneX(a->ServerCert);
}
c.CheckServerCert = a->CheckServerCert;
c.RetryOnServerCert = a->RetryOnServerCert;
c.StartupAccount = false; // Don't copy the startup attribute
CALL(hWnd, CcCreateAccount(cm->Client, &c));
@ -8899,6 +8902,7 @@ CM_ACCOUNT *CmGetExistAccountObject(HWND hWnd, wchar_t *account_name)
a = ZeroMalloc(sizeof(CM_ACCOUNT));
a->EditMode = true;
a->CheckServerCert = c.CheckServerCert;
a->RetryOnServerCert = c.RetryOnServerCert;
a->Startup = c.StartupAccount;
if (c.ServerCert != NULL)
{
@ -8928,6 +8932,7 @@ CM_ACCOUNT *CmCreateNewAccountObject(HWND hWnd)
a = ZeroMalloc(sizeof(CM_ACCOUNT));
a->EditMode = false;
a->CheckServerCert = false;
a->RetryOnServerCert = false;
a->Startup = false;
a->ClientOption = ZeroMalloc(sizeof(CLIENT_OPTION));

View File

@ -236,6 +236,7 @@ typedef struct CM_ACCOUNT
CLIENT_AUTH *ClientAuth; // Authentication data
bool Startup; // Startup account
bool CheckServerCert; // Check the server certificate
bool RetryOnServerCert; // Retry on invalid server certificate
X *ServerCert; // Server certificate
char old_server_name[MAX_HOST_NAME_LEN + 1]; // Old server name
bool Inited; // Initialization flag

View File

@ -2144,6 +2144,7 @@ RPC_CLIENT_CREATE_ACCOUNT *CiCfgToAccount(BUF *b)
t->ClientAuth = a->ClientAuth;
t->StartupAccount = a->StartupAccount;
t->CheckServerCert = a->CheckServerCert;
t->RetryOnServerCert = a->RetryOnServerCert;
t->ServerCert = a->ServerCert;
Free(a);
@ -2167,6 +2168,7 @@ BUF *CiAccountToCfg(RPC_CLIENT_CREATE_ACCOUNT *t)
a.ClientOption = t->ClientOption;
a.ClientAuth = t->ClientAuth;
a.CheckServerCert = t->CheckServerCert;
a.RetryOnServerCert = t->RetryOnServerCert;
a.ServerCert = t->ServerCert;
a.StartupAccount = t->StartupAccount;
@ -4704,6 +4706,7 @@ void InRpcClientCreateAccount(RPC_CLIENT_CREATE_ACCOUNT *c, PACK *p)
c->StartupAccount = PackGetInt(p, "StartupAccount") ? true : false;
c->CheckServerCert = PackGetInt(p, "CheckServerCert") ? true : false;
c->RetryOnServerCert = PackGetInt(p, "RetryOnServerCert") ? true : false;
b = PackGetBuf(p, "ServerCert");
if (b != NULL)
{
@ -4726,6 +4729,7 @@ void OutRpcClientCreateAccount(PACK *p, RPC_CLIENT_CREATE_ACCOUNT *c)
PackAddInt(p, "StartupAccount", c->StartupAccount);
PackAddInt(p, "CheckServerCert", c->CheckServerCert);
PackAddInt(p, "RetryOnServerCert", c->RetryOnServerCert);
if (c->ServerCert != NULL)
{
b = XToBuf(c->ServerCert, false);
@ -4873,6 +4877,7 @@ void InRpcClientGetAccount(RPC_CLIENT_GET_ACCOUNT *c, PACK *p)
PackGetUniStr(p, "AccountName", c->AccountName, sizeof(c->AccountName));
c->StartupAccount = PackGetInt(p, "StartupAccount") ? true : false;
c->CheckServerCert = PackGetInt(p, "CheckServerCert") ? true : false;
c->RetryOnServerCert = PackGetInt(p, "RetryOnServerCert") ? true : false;
b = PackGetBuf(p, "ServerCert");
if (b != NULL)
{
@ -4901,6 +4906,7 @@ void OutRpcClientGetAccount(PACK *p, RPC_CLIENT_GET_ACCOUNT *c)
PackAddUniStr(p, "AccountName", c->AccountName);
PackAddInt(p, "StartupAccount", c->StartupAccount);
PackAddInt(p, "CheckServerCert", c->CheckServerCert);
PackAddInt(p, "RetryOnServerCert", c->RetryOnServerCert);
if (c->ServerCert != NULL)
{
@ -6724,6 +6730,7 @@ bool CtGetAccount(CLIENT *c, RPC_CLIENT_GET_ACCOUNT *a)
a->StartupAccount = r->StartupAccount;
a->CheckServerCert = r->CheckServerCert;
a->RetryOnServerCert = r->RetryOnServerCert;
a->ServerCert = NULL;
if (r->ServerCert != NULL)
{
@ -7250,6 +7257,7 @@ bool CtSetAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
ret->StartupAccount = a->StartupAccount;
ret->CheckServerCert = a->CheckServerCert;
ret->RetryOnServerCert = a->RetryOnServerCert;
if (a->ServerCert != NULL)
{
@ -7356,6 +7364,7 @@ bool CtCreateAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
new_account->StartupAccount = a->StartupAccount;
new_account->CheckServerCert = a->CheckServerCert;
new_account->RetryOnServerCert = a->RetryOnServerCert;
if (a->ServerCert != NULL)
{
new_account->ServerCert = CloneX(a->ServerCert);
@ -9530,6 +9539,7 @@ ACCOUNT *CiLoadClientAccount(FOLDER *f)
a->StartupAccount = CfgGetBool(f, "StartupAccount");
a->CheckServerCert = CfgGetBool(f, "CheckServerCert");
a->RetryOnServerCert = CfgGetBool(f, "RetryOnServerCert");
a->CreateDateTime = CfgGetInt64(f, "CreateDateTime");
a->UpdateDateTime = CfgGetInt64(f, "UpdateDateTime");
a->LastConnectDateTime = CfgGetInt64(f, "LastConnectDateTime");
@ -10145,6 +10155,9 @@ void CiWriteAccountData(FOLDER *f, ACCOUNT *a)
// Server certificate check flag
CfgAddBool(f, "CheckServerCert", a->CheckServerCert);
// Retry on invalid server certificate flag
CfgAddBool(f, "RetryOnServerCert", a->RetryOnServerCert);
// Date and time
CfgAddInt64(f, "CreateDateTime", a->CreateDateTime);
CfgAddInt64(f, "UpdateDateTime", a->UpdateDateTime);

View File

@ -170,6 +170,7 @@ struct ACCOUNT
CLIENT_OPTION *ClientOption; // Client Option
CLIENT_AUTH *ClientAuth; // Client authentication data
bool CheckServerCert; // Check the server certificate
bool RetryOnServerCert; // Retry on invalid server certificate
X *ServerCert; // Server certificate
bool StartupAccount; // Start-up account
UCHAR ShortcutKey[SHA1_SIZE]; // Key
@ -347,6 +348,7 @@ struct RPC_CLIENT_CREATE_ACCOUNT
CLIENT_AUTH *ClientAuth; // Client authentication data
bool StartupAccount; // Startup account
bool CheckServerCert; // Checking of the server certificate
bool RetryOnServerCert; // Retry on invalid server certificate
X *ServerCert; // Server certificate
UCHAR ShortcutKey[SHA1_SIZE]; // Shortcut Key
};
@ -399,6 +401,7 @@ struct RPC_CLIENT_GET_ACCOUNT
CLIENT_AUTH *ClientAuth; // Client authentication data
bool StartupAccount; // Startup account
bool CheckServerCert; // Check the server certificate
bool RetryOnServerCert; // Retry on invalid server certificate
X *ServerCert; // Server certificate
UCHAR ShortcutKey[SHA1_SIZE]; // Shortcut Key
UINT64 CreateDateTime; // Creation date and time (Ver 3.0 or later)

View File

@ -3100,6 +3100,8 @@ void PcMain(PC *pc)
{"AccountProxySocks", PcAccountProxySocks},
{"AccountServerCertEnable", PcAccountServerCertEnable},
{"AccountServerCertDisable", PcAccountServerCertDisable},
{"AccountRetryOnServerCertEnable", PcAccountRetryOnServerCertEnable},
{"AccountRetryOnServerCertDisable", PcAccountRetryOnServerCertDisable},
{"AccountServerCertSet", PcAccountServerCertSet},
{"AccountServerCertDelete", PcAccountServerCertDelete},
{"AccountServerCertGet", PcAccountServerCertGet},
@ -4328,6 +4330,7 @@ UINT PcAccountSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
c.ClientAuth = t.ClientAuth;
c.ClientOption = t.ClientOption;
c.CheckServerCert = t.CheckServerCert;
c.RetryOnServerCert = t.RetryOnServerCert;
c.ServerCert = t.ServerCert;
c.StartupAccount = t.StartupAccount;
@ -4427,6 +4430,12 @@ UINT PcAccountGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME"), tmp);
}
if (t.CheckServerCert)
{
CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT"),
t.RetryOnServerCert ? _UU("CMD_MSG_ENABLE") : _UU("CMD_MSG_DISABLE"));
}
// Device name to be used for the connection
StrToUni(tmp, sizeof(tmp), t.ClientOption->DeviceName);
CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_DEVICE_NAME"), tmp);
@ -4597,6 +4606,7 @@ UINT PcAccountUsernameSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -4654,6 +4664,7 @@ UINT PcAccountAnonymousSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -4735,6 +4746,7 @@ UINT PcAccountPasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -4813,6 +4825,7 @@ UINT PcAccountCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -4933,6 +4946,7 @@ UINT PcAccountEncryptDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *par
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -4990,6 +5004,7 @@ UINT PcAccountEncryptEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5047,6 +5062,7 @@ UINT PcAccountCompressEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *par
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5104,6 +5120,7 @@ UINT PcAccountCompressDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *pa
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5161,6 +5178,7 @@ UINT PcAccountProxyNone(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5232,6 +5250,7 @@ UINT PcAccountProxyHttp(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5303,6 +5322,7 @@ UINT PcAccountProxySocks(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5360,6 +5380,7 @@ UINT PcAccountServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *p
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5417,6 +5438,123 @@ UINT PcAccountServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
z.StartupAccount = t.StartupAccount;
ret = CcSetAccount(pc->RemoteClient, &z);
}
if (ret != ERR_NO_ERROR)
{
// Error has occurred
CmdPrintError(c, ret);
}
CiFreeClientGetAccount(&t);
// Release of the parameter list
FreeParamValueList(o);
return ret;
}
// Enable retry option of the invalid server certificate of connection settings
UINT PcAccountRetryOnServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PC *pc = (PC *)param;
UINT ret = ERR_NO_ERROR;
RPC_CLIENT_GET_ACCOUNT t;
// Parameter list that can be specified
PARAM args[] =
{
{"[name]", CmdPrompt, _UU("CMD_AccountCreate_Prompt_Name"), CmdEvalNotEmpty, NULL},
};
// Get the parameter list
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
// RPC call
Zero(&t, sizeof(t));
UniStrCpy(t.AccountName, sizeof(t.AccountName), GetParamUniStr(o, "[name]"));
ret = CcGetAccount(pc->RemoteClient, &t);
if (ret == ERR_NO_ERROR)
{
RPC_CLIENT_CREATE_ACCOUNT z;
// Change the settings
t.RetryOnServerCert = true;
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
z.StartupAccount = t.StartupAccount;
ret = CcSetAccount(pc->RemoteClient, &z);
}
if (ret != ERR_NO_ERROR)
{
// Error has occurred
CmdPrintError(c, ret);
}
CiFreeClientGetAccount(&t);
// Release of the parameter list
FreeParamValueList(o);
return ret;
}
// Disable retry option of the invalid server certificate of connection settings
UINT PcAccountRetryOnServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
LIST *o;
PC *pc = (PC *)param;
UINT ret = ERR_NO_ERROR;
RPC_CLIENT_GET_ACCOUNT t;
// Parameter list that can be specified
PARAM args[] =
{
{"[name]", CmdPrompt, _UU("CMD_AccountCreate_Prompt_Name"), CmdEvalNotEmpty, NULL},
};
// Get the parameter list
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
// RPC call
Zero(&t, sizeof(t));
UniStrCpy(t.AccountName, sizeof(t.AccountName), GetParamUniStr(o, "[name]"));
ret = CcGetAccount(pc->RemoteClient, &t);
if (ret == ERR_NO_ERROR)
{
RPC_CLIENT_CREATE_ACCOUNT z;
// Change the settings
t.RetryOnServerCert = false;
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5488,6 +5626,7 @@ UINT PcAccountServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5551,6 +5690,7 @@ UINT PcAccountServerCertDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *p
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5613,6 +5753,7 @@ UINT PcAccountServerCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -5946,6 +6087,7 @@ UINT PcAccountNicSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
c.ClientAuth = t.ClientAuth;
c.ClientOption = t.ClientOption;
c.CheckServerCert = t.CheckServerCert;
c.RetryOnServerCert = t.RetryOnServerCert;
c.ServerCert = t.ServerCert;
c.StartupAccount = t.StartupAccount;
@ -6001,6 +6143,7 @@ UINT PcAccountStatusShow(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -6058,6 +6201,7 @@ UINT PcAccountStatusHide(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -6121,6 +6265,7 @@ UINT PcAccountSecureCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -6190,6 +6335,7 @@ UINT PcAccountRetrySet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -6248,6 +6394,7 @@ UINT PcAccountStartupSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;
@ -6305,6 +6452,7 @@ UINT PcAccountStartupRemove(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
Zero(&z, sizeof(z));
z.CheckServerCert = t.CheckServerCert;
z.RetryOnServerCert = t.RetryOnServerCert;
z.ClientAuth = t.ClientAuth;
z.ClientOption = t.ClientOption;
z.ServerCert = t.ServerCert;

View File

@ -464,6 +464,8 @@ UINT PcAccountProxyHttp(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountProxySocks(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountRetryOnServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountRetryOnServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountServerCertDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountServerCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);

View File

@ -4916,7 +4916,8 @@ REDIRECTED:
c->Err = ERR_SERVER_CERT_EXPIRES;
}
if (c->Session->LinkModeClient == false && c->Err == ERR_CERT_NOT_TRUSTED)
if (c->Session->LinkModeClient == false && c->Err == ERR_CERT_NOT_TRUSTED
&& (c->Session->Account == NULL || ! c->Session->Account->RetryOnServerCert))
{
c->Session->ForceStopFlag = true;
}

View File

@ -4374,6 +4374,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT 代理服务器的端口号
CMD_ACCOUNT_COLUMN_PROXY_USERNAME 代理服务器的用户名
CMD_ACCOUNT_COLUMN_SERVER_CERT_USE 验证服务器证书
CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME 注册的服务器个人证书
CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate
CMD_ACCOUNT_COLUMN_DEVICE_NAME 用于连接的设备名
CMD_ACCOUNT_COLUMN_AUTH_TYPE 验证类型
CMD_ACCOUNT_COLUMN_AUTH_USERNAME 用户名
@ -6635,6 +6636,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name]
CMD_AccountServerCertDisable_[name] 指定要更改设置的连接设置名。
# AccountRetryOnServerCertEnable command
CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is untrusted
CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountRetryOnServerCertDisable command
CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid
CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountServerCertSet 命令
CMD_AccountServerCertSet 设置连接设置的服务器固有证明书
CMD_AccountServerCertSet_Help 指定注册到 VPN Client 的连接设置,其连接设置连接到 VPN Server 时,预先注册与连接目标的 VPN Server 提交的 SSL 证书相同的证书。\n如果启动了连接设置的服务器证书验证选项可以预先将连接目标服务器的 SSL 证书以此指令保存在连接设置的设置内,或需要将服务器的 SSL 证书签名了的根证书,以 CAAdd 指令注册到虚拟 HUB 信任的证明机构的证书列表中。\n验证连接设置的服务器证书的选项处于启动状态连接了的 VPN Server 的证书不可信时,立即解除连接,反复重试。

View File

@ -4357,6 +4357,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT Proxy Server Port Number
CMD_ACCOUNT_COLUMN_PROXY_USERNAME Proxy Server User Name
CMD_ACCOUNT_COLUMN_SERVER_CERT_USE Verify Server Certificate
CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME Registered Server Individual Certificate
CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate
CMD_ACCOUNT_COLUMN_DEVICE_NAME Device Name Used for Connection
CMD_ACCOUNT_COLUMN_AUTH_TYPE Authentication Type
CMD_ACCOUNT_COLUMN_AUTH_USERNAME User Name
@ -6621,6 +6622,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name]
CMD_AccountServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountRetryOnServerCertEnable command
CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is invalid
CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountRetryOnServerCertDisable command
CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid
CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountServerCertSet command
CMD_AccountServerCertSet Set Server Individual Certificate for VPN Connection Setting
CMD_AccountServerCertSet_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to register the same certificate as the SSL certificate provided by the destination VPN Server. \nIf the option to verify server certificates for VPN Connection Settings is enabled, you must either use this command to save the connection destination server SSL certificate beforehand in the VPN Connection Setting settings beforehand, or use the CAAdd command etc. to register a root certificate containing the signed server SSL certificate in the list of Virtual Hub trusted CA certificates. \nIf the certificate of the connected VPN Server cannot be trusted under the condition where the option to verify server certificates has been enabled for the VPN Connection Setting, the connection will be promptly cancelled and continual reattempts at connection will be made.

View File

@ -4361,6 +4361,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT プロキシサーバーのポート番号
CMD_ACCOUNT_COLUMN_PROXY_USERNAME プロキシサーバーのユーザー名
CMD_ACCOUNT_COLUMN_SERVER_CERT_USE サーバー証明書の検証
CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME 登録されているサーバー固有証明書
CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate
CMD_ACCOUNT_COLUMN_DEVICE_NAME 接続に使用するデバイス名
CMD_ACCOUNT_COLUMN_AUTH_TYPE 認証の種類
CMD_ACCOUNT_COLUMN_AUTH_USERNAME ユーザー名
@ -6627,6 +6628,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name]
CMD_AccountServerCertDisable_[name] 設定を変更する接続設定の名前を指定します。
# AccountRetryOnServerCertEnable command
CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is untrusted
CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountRetryOnServerCertDisable command
CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid
CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountServerCertSet コマンド
CMD_AccountServerCertSet 接続設定のサーバー固有証明書の設定
CMD_AccountServerCertSet_Help VPN Client に登録されている接続設定を指定し、その接続設定が VPN Server に対して接続する際に、接続先の VPN Server の提示する SSL 証明書と同じ証明書をあらかじめ登録します。\n接続設定のサーバー証明書の検証オプションが有効になっている場合、接続先サーバーの SSL 証明書をあらかじめこのコマンドで接続設定設定内に保存しておくか、または仮想 HUB の信頼する証明機関の証明書一覧に、サーバーの SSL 証明書を署名したルート証明書を CAAdd コマンドなどで登録しておく必要があります。\n接続設定のサーバー証明書の検証オプションが有効になっている状態で、接続した VPN Server の証明書が信頼できない場合、直ちに接続を解除して再試行を繰り返します。

View File

@ -4356,6 +4356,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT 프록시 서버의 포트 번호
CMD_ACCOUNT_COLUMN_PROXY_USERNAME 프록시 서버의 사용자 이름
CMD_ACCOUNT_COLUMN_SERVER_CERT_USE 서버 인증서 확인
CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME 등록 된 서버 별 인증서
CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate
CMD_ACCOUNT_COLUMN_DEVICE_NAME 연결에 사용할 장치 이름
CMD_ACCOUNT_COLUMN_AUTH_TYPE 인증의 종류
CMD_ACCOUNT_COLUMN_AUTH_USERNAME 사용자 이름
@ -6620,6 +6621,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name]
CMD_AccountServerCertDisable_ [name] 설정을 변경하려면 연결 설정의 이름을 지정합니다.
# AccountRetryOnServerCertEnable command
CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is untrusted
CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountRetryOnServerCertDisable command
CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid
CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountServerCertSet 명령
CMD_AccountServerCertSet 연결 설정 서버 별 인증서 설정
CMD_AccountServerCertSet_Help VPN Client에 등록되어있는 연결 설정을 지정하고 연결 설정 VPN Server에 연결할 때 연결하려는 VPN Server가 제시하는 SSL 인증서와 동일한 인증서를 미리 등록합니다. \n 연결 설정 서버 인증서 검증 옵션이 활성화되어있는 경우 연결할 서버의 SSL 인증서를 미리이 명령에서 연결 설정 설정에 저장할하거나 가상 HUB 신뢰하는 인증 기관 인증서 목록에 서버의 SSL 인증서를 서명 한 루트 인증서를 CAAdd 명령 등으로 등록되어 있어야합니다. \n 연결 설정 서버 인증서 검증 옵션이 활성화되어있는 상태에서 연결 한 VPN Server의 인증서를 신뢰할 수없는 경우 즉시 연결을 해제하고 재 시도를 반복합니다.

View File

@ -4374,6 +4374,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT 代理伺服器的埠號
CMD_ACCOUNT_COLUMN_PROXY_USERNAME 代理伺服器的用戶名
CMD_ACCOUNT_COLUMN_SERVER_CERT_USE 驗證伺服器憑證
CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME 註冊的伺服器個人證書
CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate
CMD_ACCOUNT_COLUMN_DEVICE_NAME 用於連接的設備名
CMD_ACCOUNT_COLUMN_AUTH_TYPE 驗證類型
CMD_ACCOUNT_COLUMN_AUTH_USERNAME 用戶名
@ -6636,6 +6637,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name]
CMD_AccountServerCertDisable_[name] 指定要更改設置的連接設置名。
# AccountRetryOnServerCertEnable command
CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is untrusted
CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountRetryOnServerCertDisable command
CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid
CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountServerCertSet 命令
CMD_AccountServerCertSet 設置連接設置的伺服器固有證明書
CMD_AccountServerCertSet_Help 指定註冊到 VPN Client 的連接設置,其連接設置連接到 VPN Server 時,預先註冊與連接目標的 VPN Server 提交的 SSL 證書相同的證書。\n如果啟動了連接設置的伺服器憑證驗證選項可以預先將連接目標伺服器的 SSL 證書以此指令保存在連接設置的設置內,或需要將伺服器的 SSL 證書簽名了的根證書,以 CAAdd 指令註冊到虛擬 HUB 信任的證明機構的證書列表中。\n驗證連接設置的伺服器憑證的選項處於啟動狀態連接了的 VPN Server 的證書不可信時,立即解除連接,反復重試。