AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-07-10 01:34:58 +03:00
Code Releases Activity

Retry connection on untrusted server certificate

Browse Source 
With server certificate validation enabled, vpnclient unconditionally
stopped connection on untrusted server certificate. Added account
configuration parameter to retry connection if server certivicate failed
validation.
This commit is contained in:
Joshua Perry
2018-08-05 20:48:05 +02:00
committed by Davide Beatrici
parent 828d3b2ffb
commit 28e8d4bcce
12 changed files with 249 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/bin/hamcore/strtable_tw.stb
View File

@ -4374,6 +4374,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT 代理伺服器的埠號
CMD_ACCOUNT_COLUMN_PROXY_USERNAME 代理伺服器的用戶名
CMD_ACCOUNT_COLUMN_SERVER_CERT_USE 驗證伺服器憑證
CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME 註冊的伺服器個人證書
CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate
CMD_ACCOUNT_COLUMN_DEVICE_NAME 用於連接的設備名
CMD_ACCOUNT_COLUMN_AUTH_TYPE 驗證類型
CMD_ACCOUNT_COLUMN_AUTH_USERNAME 用戶名
@ -6636,6 +6637,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name]
CMD_AccountServerCertDisable_[name] 指定要更改設置的連接設置名。
# AccountRetryOnServerCertEnable command
CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is untrusted
CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountRetryOnServerCertDisable command
CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid
CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted.
CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name]
CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change.
# AccountServerCertSet 命令
CMD_AccountServerCertSet 設置連接設置的伺服器固有證明書
CMD_AccountServerCertSet_Help 指定註冊到 VPN Client 的連接設置,其連接設置連接到 VPN Server 時,預先註冊與連接目標的 VPN Server 提交的 SSL 證書相同的證書。\n如果啟動了連接設置的伺服器憑證驗證選項可以預先將連接目標伺服器的 SSL 證書以此指令保存在連接設置的設置內,或需要將伺服器的 SSL 證書簽名了的根證書,以 CAAdd 指令註冊到虛擬 HUB 信任的證明機構的證書列表中。\n驗證連接設置的伺服器憑證的選項處於啟動狀態連接了的 VPN Server 的證書不可信時,立即解除連接,反復重試。