diff --git a/src/Cedar/CM.c b/src/Cedar/CM.c
index c0e13a1a..ea0f6cfd 100644
--- a/src/Cedar/CM.c
+++ b/src/Cedar/CM.c
@@ -6242,6 +6242,7 @@ void CmExportAccount(HWND hWnd, wchar_t *account_name)
 t.ClientAuth = a->ClientAuth;
 t.StartupAccount = a->Startup;
 t.CheckServerCert = a->CheckServerCert;
+ t.RetryOnServerCert = a->RetryOnServerCert;
 t.ServerCert = a->ServerCert;
 t.ClientOption->FromAdminPack = false;
@@ -6381,6 +6382,7 @@ void CmImportAccountMainEx(HWND hWnd, wchar_t *filename, bool overwrite)
 // Other Settings
 t->StartupAccount = get.StartupAccount;
 t->CheckServerCert = get.CheckServerCert;
+ t->RetryOnServerCert = get.RetryOnServerCert;
 if (t->ServerCert != NULL)
 {
 FreeX(t->ServerCert);
@@ -6489,6 +6491,7 @@ void CmCopyAccount(HWND hWnd, wchar_t *account_name)
 c.ServerCert = CloneX(a->ServerCert);
 }
 c.CheckServerCert = a->CheckServerCert;
+ c.RetryOnServerCert = a->RetryOnServerCert;
 c.StartupAccount = false; // Don't copy the startup attribute
 CALL(hWnd, CcCreateAccount(cm->Client, &c));
@@ -8899,6 +8902,7 @@ CM_ACCOUNT *CmGetExistAccountObject(HWND hWnd, wchar_t *account_name)
 a = ZeroMalloc(sizeof(CM_ACCOUNT));
 a->EditMode = true;
 a->CheckServerCert = c.CheckServerCert;
+ a->RetryOnServerCert = c.RetryOnServerCert;
 a->Startup = c.StartupAccount;
 if (c.ServerCert != NULL)
 {
@@ -8928,6 +8932,7 @@ CM_ACCOUNT *CmCreateNewAccountObject(HWND hWnd)
 a = ZeroMalloc(sizeof(CM_ACCOUNT));
 a->EditMode = false;
 a->CheckServerCert = false;
+ a->RetryOnServerCert = false;
 a->Startup = false;
 a->ClientOption = ZeroMalloc(sizeof(CLIENT_OPTION));
diff --git a/src/Cedar/CMInner.h b/src/Cedar/CMInner.h
index 2d2820da..94d9f55e 100644
--- a/src/Cedar/CMInner.h
+++ b/src/Cedar/CMInner.h
@@ -236,6 +236,7 @@ typedef struct CM_ACCOUNT
 CLIENT_AUTH *ClientAuth; // Authentication data
 bool Startup; // Startup account
 bool CheckServerCert; // Check the server certificate
+ bool RetryOnServerCert; // Retry on invalid server certificate
 X *ServerCert; // Server certificate
 char old_server_name[MAX_HOST_NAME_LEN + 1]; // Old server name
 bool Inited; // Initialization flag
diff --git a/src/Cedar/Client.c b/src/Cedar/Client.c
index 2a60c80e..bc8d1d57 100644
--- a/src/Cedar/Client.c
+++ b/src/Cedar/Client.c
@@ -2144,6 +2144,7 @@ RPC_CLIENT_CREATE_ACCOUNT *CiCfgToAccount(BUF *b)
 t->ClientAuth = a->ClientAuth;
 t->StartupAccount = a->StartupAccount;
 t->CheckServerCert = a->CheckServerCert;
+ t->RetryOnServerCert = a->RetryOnServerCert;
 t->ServerCert = a->ServerCert;
 Free(a);
@@ -2167,6 +2168,7 @@ BUF *CiAccountToCfg(RPC_CLIENT_CREATE_ACCOUNT *t)
 a.ClientOption = t->ClientOption;
 a.ClientAuth = t->ClientAuth;
 a.CheckServerCert = t->CheckServerCert;
+ a.RetryOnServerCert = t->RetryOnServerCert;
 a.ServerCert = t->ServerCert;
 a.StartupAccount = t->StartupAccount;
@@ -4706,6 +4708,7 @@ void InRpcClientCreateAccount(RPC_CLIENT_CREATE_ACCOUNT *c, PACK *p)
 c->StartupAccount = PackGetInt(p, "StartupAccount") ? true : false;
 c->CheckServerCert = PackGetInt(p, "CheckServerCert") ? true : false;
+ c->RetryOnServerCert = PackGetInt(p, "RetryOnServerCert") ? true : false;
 b = PackGetBuf(p, "ServerCert");
 if (b != NULL)
 {
@@ -4728,6 +4731,7 @@ void OutRpcClientCreateAccount(PACK *p, RPC_CLIENT_CREATE_ACCOUNT *c)
 PackAddInt(p, "StartupAccount", c->StartupAccount);
 PackAddInt(p, "CheckServerCert", c->CheckServerCert);
+ PackAddInt(p, "RetryOnServerCert", c->RetryOnServerCert);
 if (c->ServerCert != NULL)
 {
 b = XToBuf(c->ServerCert, false);
@@ -4875,6 +4879,7 @@ void InRpcClientGetAccount(RPC_CLIENT_GET_ACCOUNT *c, PACK *p)
 PackGetUniStr(p, "AccountName", c->AccountName, sizeof(c->AccountName));
 c->StartupAccount = PackGetInt(p, "StartupAccount") ? true : false;
 c->CheckServerCert = PackGetInt(p, "CheckServerCert") ? true : false;
+ c->RetryOnServerCert = PackGetInt(p, "RetryOnServerCert") ? true : false;
 b = PackGetBuf(p, "ServerCert");
 if (b != NULL)
 {
@@ -4903,6 +4908,7 @@ void OutRpcClientGetAccount(PACK *p, RPC_CLIENT_GET_ACCOUNT *c)
 PackAddUniStr(p, "AccountName", c->AccountName);
 PackAddInt(p, "StartupAccount", c->StartupAccount);
 PackAddInt(p, "CheckServerCert", c->CheckServerCert);
+ PackAddInt(p, "RetryOnServerCert", c->RetryOnServerCert);
 if (c->ServerCert != NULL)
 {
@@ -6802,6 +6808,7 @@ bool CtGetAccount(CLIENT *c, RPC_CLIENT_GET_ACCOUNT *a)
 a->StartupAccount = r->StartupAccount;
 a->CheckServerCert = r->CheckServerCert;
+ a->RetryOnServerCert = r->RetryOnServerCert;
 a->ServerCert = NULL;
 if (r->ServerCert != NULL)
 {
@@ -7342,6 +7349,7 @@ bool CtSetAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
 ret->StartupAccount = a->StartupAccount;
 ret->CheckServerCert = a->CheckServerCert;
+ ret->RetryOnServerCert = a->RetryOnServerCert;
 if (a->ServerCert != NULL)
 {
@@ -7448,6 +7456,7 @@ bool CtCreateAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
 new_account->StartupAccount = a->StartupAccount;
 new_account->CheckServerCert = a->CheckServerCert;
+ new_account->RetryOnServerCert = a->RetryOnServerCert;
 if (a->ServerCert != NULL)
 {
 new_account->ServerCert = CloneX(a->ServerCert);
@@ -9623,6 +9632,7 @@ ACCOUNT *CiLoadClientAccount(FOLDER *f)
 a->StartupAccount = CfgGetBool(f, "StartupAccount");
 a->CheckServerCert = CfgGetBool(f, "CheckServerCert");
+ a->RetryOnServerCert = CfgGetBool(f, "RetryOnServerCert");
 a->CreateDateTime = CfgGetInt64(f, "CreateDateTime");
 a->UpdateDateTime = CfgGetInt64(f, "UpdateDateTime");
 a->LastConnectDateTime = CfgGetInt64(f, "LastConnectDateTime");
@@ -10239,6 +10249,9 @@ void CiWriteAccountData(FOLDER *f, ACCOUNT *a)
 // Server certificate check flag
 CfgAddBool(f, "CheckServerCert", a->CheckServerCert);
+ // Retry on invalid server certificate flag
+ CfgAddBool(f, "RetryOnServerCert", a->RetryOnServerCert);
+
 // Date and time
 CfgAddInt64(f, "CreateDateTime", a->CreateDateTime);
 CfgAddInt64(f, "UpdateDateTime", a->UpdateDateTime);
diff --git a/src/Cedar/Client.h b/src/Cedar/Client.h
index 205f1d11..75718089 100644
--- a/src/Cedar/Client.h
+++ b/src/Cedar/Client.h
@@ -170,6 +170,7 @@ struct ACCOUNT
 CLIENT_OPTION *ClientOption; // Client Option
 CLIENT_AUTH *ClientAuth; // Client authentication data
 bool CheckServerCert; // Check the server certificate
+ bool RetryOnServerCert; // Retry on invalid server certificate
 X *ServerCert; // Server certificate
 bool StartupAccount; // Start-up account
 UCHAR ShortcutKey[SHA1_SIZE]; // Key
@@ -348,6 +349,7 @@ struct RPC_CLIENT_CREATE_ACCOUNT
 CLIENT_AUTH *ClientAuth; // Client authentication data
 bool StartupAccount; // Startup account
 bool CheckServerCert; // Checking of the server certificate
+ bool RetryOnServerCert; // Retry on invalid server certificate
 X *ServerCert; // Server certificate
 UCHAR ShortcutKey[SHA1_SIZE]; // Shortcut Key
 };
@@ -400,6 +402,7 @@ struct RPC_CLIENT_GET_ACCOUNT
 CLIENT_AUTH *ClientAuth; // Client authentication data
 bool StartupAccount; // Startup account
 bool CheckServerCert; // Check the server certificate
+ bool RetryOnServerCert; // Retry on invalid server certificate
 X *ServerCert; // Server certificate
 UCHAR ShortcutKey[SHA1_SIZE]; // Shortcut Key
 UINT64 CreateDateTime; // Creation date and time (Ver 3.0 or later)
diff --git a/src/Cedar/Command.c b/src/Cedar/Command.c
index 0538b7f3..7f380b33 100644
--- a/src/Cedar/Command.c
+++ b/src/Cedar/Command.c
@@ -3100,6 +3100,8 @@ void PcMain(PC *pc)
 {"AccountProxySocks", PcAccountProxySocks},
 {"AccountServerCertEnable", PcAccountServerCertEnable},
 {"AccountServerCertDisable", PcAccountServerCertDisable},
+ {"AccountRetryOnServerCertEnable", PcAccountRetryOnServerCertEnable},
+ {"AccountRetryOnServerCertDisable", PcAccountRetryOnServerCertDisable},
 {"AccountServerCertSet", PcAccountServerCertSet},
 {"AccountServerCertDelete", PcAccountServerCertDelete},
 {"AccountServerCertGet", PcAccountServerCertGet},
@@ -4331,6 +4333,7 @@ UINT PcAccountSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 c.ClientAuth = t.ClientAuth;
 c.ClientOption = t.ClientOption;
 c.CheckServerCert = t.CheckServerCert;
+ c.RetryOnServerCert = t.RetryOnServerCert;
 c.ServerCert = t.ServerCert;
 c.StartupAccount = t.StartupAccount;
@@ -4430,6 +4433,12 @@ UINT PcAccountGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME"), tmp);
 }
+ if (t.CheckServerCert)
+ {
+ CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT"),
+ t.RetryOnServerCert ? _UU("CMD_MSG_ENABLE") : _UU("CMD_MSG_DISABLE"));
+ }
+
 // Device name to be used for the connection
 StrToUni(tmp, sizeof(tmp), t.ClientOption->DeviceName);
 CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_DEVICE_NAME"), tmp);
@@ -4600,6 +4609,7 @@ UINT PcAccountUsernameSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -4657,6 +4667,7 @@ UINT PcAccountAnonymousSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
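Review bot: Every account setter in Command.c rebuilds `RPC_CLIENT_CREATE_ACCOUNT z` from a zeroed struct and copies the fields one by one, so the line `z.RetryOnServerCert = t.RetryOnServerCert;` added in the PcAccountUsernameSet hunk has to be repeated in every later setter hunk (the ones headed PcAccountAnonymousSet through PcAccountStartupRemove). A setter that misses the copy would write the option back as false without any error, and the same pattern carries `CheckServerCert`, where a missed copy would switch server certificate verification off. One helper that fills `z` from `t` would remove that risk; the helper name below is only a suggestion, and the setter bodies start and end outside these hunks.

```c
// Proposed helper (name is a suggestion): carry over every field a setter must preserve
static void PcCopyGetAccountToCreateAccount(RPC_CLIENT_CREATE_ACCOUNT *z, RPC_CLIENT_GET_ACCOUNT *t)
{
	Zero(z, sizeof(RPC_CLIENT_CREATE_ACCOUNT));
	z->CheckServerCert = t->CheckServerCert;
	z->RetryOnServerCert = t->RetryOnServerCert;
	z->ClientAuth = t->ClientAuth;
	z->ClientOption = t->ClientOption;
	z->ServerCert = t->ServerCert;
	z->StartupAccount = t->StartupAccount;
}

// In each setter, replacing the Zero() call and the per-field copies:
PcCopyGetAccountToCreateAccount(&z, &t);
// … unchanged: CcSetAccount call, error print and cleanup …
```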
@@ -4738,6 +4749,7 @@ UINT PcAccountPasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 {
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -4816,6 +4828,7 @@ UINT PcAccountCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -4936,6 +4949,7 @@ UINT PcAccountEncryptDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *par
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -4993,6 +5007,7 @@ UINT PcAccountEncryptEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5050,6 +5065,7 @@ UINT PcAccountCompressEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *par
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5107,6 +5123,7 @@ UINT PcAccountCompressDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *pa
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5164,6 +5181,7 @@ UINT PcAccountProxyNone(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5235,6 +5253,7 @@ UINT PcAccountProxyHttp(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5306,6 +5325,7 @@ UINT PcAccountProxySocks(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5363,6 +5383,7 @@ UINT PcAccountServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *p
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5420,6 +5441,123 @@ UINT PcAccountServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
+ z.ClientAuth = t.ClientAuth;
+ z.ClientOption = t.ClientOption;
+ z.ServerCert = t.ServerCert;
+ z.StartupAccount = t.StartupAccount;
+
+ ret = CcSetAccount(pc->RemoteClient, &z);
+ }
+
+ if (ret != ERR_NO_ERROR)
+ {
+ // Error has occurred
+ CmdPrintError(c, ret);
+ }
+
+ CiFreeClientGetAccount(&t);
+
+ // Release of the parameter list
+ FreeParamValueList(o);
+
+ return ret;
+}
+
+// Enable retry option of the invalid server certificate of connection settings
+UINT PcAccountRetryOnServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
+{
+ LIST *o;
+ PC *pc = (PC *)param;
+ UINT ret = ERR_NO_ERROR;
+ RPC_CLIENT_GET_ACCOUNT t;
+ // Parameter list that can be specified
+ PARAM args[] =
+ {
+ {"[name]", CmdPrompt, _UU("CMD_AccountCreate_Prompt_Name"), CmdEvalNotEmpty, NULL},
+ };
+
+ // Get the parameter list
+ o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
+ if (o == NULL)
+ {
+ return ERR_INVALID_PARAMETER;
+ }
+
+ // RPC call
+ Zero(&t, sizeof(t));
+
+ UniStrCpy(t.AccountName, sizeof(t.AccountName), GetParamUniStr(o, "[name]"));
+
+ ret = CcGetAccount(pc->RemoteClient, &t);
+
+ if (ret == ERR_NO_ERROR)
+ {
+ RPC_CLIENT_CREATE_ACCOUNT z;
+ // Change the settings
+ t.RetryOnServerCert = true;
+
+ Zero(&z, sizeof(z));
+ z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
+ z.ClientAuth = t.ClientAuth;
+ z.ClientOption = t.ClientOption;
+ z.ServerCert = t.ServerCert;
+ z.StartupAccount = t.StartupAccount;
+
+ ret = CcSetAccount(pc->RemoteClient, &z);
+ }
+
+ if (ret != ERR_NO_ERROR)
+ {
+ // Error has occurred
+ CmdPrintError(c, ret);
+ }
+
+ CiFreeClientGetAccount(&t);
+
+ // Release of the parameter list
+ FreeParamValueList(o);
+
+ return ret;
+}
+
+// Disable retry option of 
the invalid server certificate of connection settings
+UINT PcAccountRetryOnServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
+{
+ LIST *o;
+ PC *pc = (PC *)param;
+ UINT ret = ERR_NO_ERROR;
+ RPC_CLIENT_GET_ACCOUNT t;
+ // Parameter list that can be specified
+ PARAM args[] =
+ {
+ {"[name]", CmdPrompt, _UU("CMD_AccountCreate_Prompt_Name"), CmdEvalNotEmpty, NULL},
+ };
+
+ // Get the parameter list
+ o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
+ if (o == NULL)
+ {
+ return ERR_INVALID_PARAMETER;
+ }
+
+ // RPC call
+ Zero(&t, sizeof(t));
+
+ UniStrCpy(t.AccountName, sizeof(t.AccountName), GetParamUniStr(o, "[name]"));
+
+ ret = CcGetAccount(pc->RemoteClient, &t);
+
+ if (ret == ERR_NO_ERROR)
+ {
+ RPC_CLIENT_CREATE_ACCOUNT z;
+ // Change the settings
+ t.RetryOnServerCert = false;
+
+ Zero(&z, sizeof(z));
+ z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5491,6 +5629,7 @@ UINT PcAccountServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5554,6 +5693,7 @@ UINT PcAccountServerCertDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *p
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -5616,6 +5756,7 @@ UINT PcAccountServerCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
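Review bot: Neither PcAccountRetryOnServerCertEnable nor PcAccountRetryOnServerCertDisable looks at `t.CheckServerCert` before changing `t.RetryOnServerCert`, while the PcAccountGet hunk prints the retry column only inside `if (t.CheckServerCert)`. The option can therefore be switched on for an account whose verification is off, stay invisible in AccountGet, and presumably start to apply once verification is enabled later. Either drop the `if (t.CheckServerCert)` guard in PcAccountGet so the stored value is always shown, or have the Enable command report that the option has no effect while verification is disabled. The two new functions differ only in the value assigned to `t.RetryOnServerCert`, which follows the file's existing Enable/Disable pairs but doubles the code that has to stay in step; the Disable function's body ends in the hunk's trailing context lines.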
@@ -5949,6 +6090,7 @@ UINT PcAccountNicSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 c.ClientAuth = t.ClientAuth;
 c.ClientOption = t.ClientOption;
 c.CheckServerCert = t.CheckServerCert;
+ c.RetryOnServerCert = t.RetryOnServerCert;
 c.ServerCert = t.ServerCert;
 c.StartupAccount = t.StartupAccount;
@@ -6004,6 +6146,7 @@ UINT PcAccountStatusShow(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -6061,6 +6204,7 @@ UINT PcAccountStatusHide(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -6124,6 +6268,7 @@ UINT PcAccountSecureCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -6193,6 +6338,7 @@ UINT PcAccountRetrySet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -6251,6 +6397,7 @@ UINT PcAccountStartupSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
@@ -6308,6 +6455,7 @@ UINT PcAccountStartupRemove(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
 Zero(&z, sizeof(z));
 z.CheckServerCert = t.CheckServerCert;
+ z.RetryOnServerCert = t.RetryOnServerCert;
 z.ClientAuth = t.ClientAuth;
 z.ClientOption = t.ClientOption;
 z.ServerCert = t.ServerCert;
diff --git a/src/Cedar/Command.h b/src/Cedar/Command.h
index f2171541..8758c7b0 100644
--- a/src/Cedar/Command.h
+++ b/src/Cedar/Command.h
@@ -464,6 +464,8 @@ UINT PcAccountProxyHttp(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountProxySocks(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
+UINT PcAccountRetryOnServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
+UINT PcAccountRetryOnServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountServerCertDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountServerCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c
index a812c58a..0a641f71 100644
--- a/src/Cedar/Protocol.c
+++ b/src/Cedar/Protocol.c
@@ -4916,7 +4916,8 @@ REDIRECTED:
 c->Err = ERR_SERVER_CERT_EXPIRES;
 }
- if (c->Session->LinkModeClient == false && c->Err == ERR_CERT_NOT_TRUSTED)
+ if (c->Session->LinkModeClient == false && c->Err == ERR_CERT_NOT_TRUSTED
+ && (c->Session->Account == NULL || ! c->Session->Account->RetryOnServerCert))
 {
 c->Session->ForceStopFlag = true;
 }
diff --git a/src/bin/hamcore/strtable_cn.stb b/src/bin/hamcore/strtable_cn.stb
index 88b23ea0..18ae53ec 100644
--- a/src/bin/hamcore/strtable_cn.stb
+++ b/src/bin/hamcore/strtable_cn.stb
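Review bot: The widened condition in front of `c->Session->ForceStopFlag = true;` in Protocol.c has no comment stating what `RetryOnServerCert` relaxes and what it leaves in place, which matters because this branch handles an untrusted server certificate. From the hunk it only skips the forced stop: `c->Err` is still `ERR_CERT_NOT_TRUSTED`, so the attempt presumably still fails and the session's ordinary retry handling takes over, but the rest of the function lies outside the hunk and that should be confirmed. A comment such as `// RetryOnServerCert: the untrusted certificate still fails this attempt; only the permanent stop is skipped so the normal retry logic can reconnect` would make the intent explicit. The new sub-expression also writes `! c->Session->Account->RetryOnServerCert` next to the `== false` form used earlier in the same condition; `c->Session->Account->RetryOnServerCert == false` would match.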
@@ -4374,6 +4374,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT 代理服务器的端口号 CMD_ACCOUNT_COLUMN_PROXY_USERNAME 代理服务器的用户名 CMD_ACCOUNT_COLUMN_SERVER_CERT_USE 验证服务器证书 CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME 注册的服务器个人证书 +CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate CMD_ACCOUNT_COLUMN_DEVICE_NAME 用于连接的设备名 CMD_ACCOUNT_COLUMN_AUTH_TYPE 验证类型 CMD_ACCOUNT_COLUMN_AUTH_USERNAME 用户名 
@@ -6650,6 +6651,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name] CMD_AccountServerCertDisable_[name] 指定要更改设置的连接设置名。 +# AccountRetryOnServerCertEnable command +CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is untrusted +CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + +# AccountRetryOnServerCertDisable command +CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid +CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + # AccountServerCertSet 命令 CMD_AccountServerCertSet 设置连接设置的服务器固有证明书 CMD_AccountServerCertSet_Help 指定注册到 VPN Client 的连接设置,其连接设置连接到 VPN Server 时,预先注册与连接目标的 VPN Server 提交的 SSL 证书相同的证书。\n如果启动了连接设置的服务器证书验证选项,可以预先将连接目标服务器的 SSL 证书以此指令保存在连接设置的设置内,或需要将服务器的 SSL 证书签名了的根证书,以 CAAdd 指令注册到虚拟 HUB 信任的证明机构的证书列表中。\n验证连接设置的服务器证书的选项处于启动状态,连接了的 VPN Server 的证书不可信时,立即解除连接,反复重试。 diff --git a/src/bin/hamcore/strtable_en.stb b/src/bin/hamcore/strtable_en.stb index cbd386a4..44593f4c 100644 --- a/src/bin/hamcore/strtable_en.stb +++ b/src/bin/hamcore/strtable_en.stb 
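Review bot: The strings added for AccountRetryOnServerCertDisable were copied from the Enable command without being adjusted: `CMD_AccountRetryOnServerCertDisable` reads "Enable VPN connection retry if server certificate is invalid" and `CMD_AccountRetryOnServerCertDisable_Args` reads `AccountRetryOnServerCertEnable [name]`. Someone reading the help for the Disable command is shown the Enable command's summary and usage line, which is a poor outcome for an option that relaxes the client's reaction to an untrusted certificate. The two values should be `Disable VPN connection retry if server certificate is untrusted` and `AccountRetryOnServerCertDisable [name]`. The same two lines recur in the strtable_en, strtable_ja, strtable_ko and strtable_tw hunks, and the Enable summary says "invalid" in strtable_en but "untrusted" in the other four files.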
@@ -4357,6 +4357,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT Proxy Server Port Number CMD_ACCOUNT_COLUMN_PROXY_USERNAME Proxy Server User Name CMD_ACCOUNT_COLUMN_SERVER_CERT_USE Verify Server Certificate CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME Registered Server Individual Certificate +CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate CMD_ACCOUNT_COLUMN_DEVICE_NAME Device Name Used for Connection CMD_ACCOUNT_COLUMN_AUTH_TYPE Authentication Type CMD_ACCOUNT_COLUMN_AUTH_USERNAME User Name 
@@ -6636,6 +6637,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name] CMD_AccountServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. +# AccountRetryOnServerCertEnable command +CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is invalid +CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + +# AccountRetryOnServerCertDisable command +CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid +CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + # AccountServerCertSet command CMD_AccountServerCertSet Set Server Individual Certificate for VPN Connection Setting CMD_AccountServerCertSet_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to register the same certificate as the SSL certificate provided by the destination VPN Server. 
\nIf the option to verify server certificates for VPN Connection Settings is enabled, you must either use this command to save the connection destination server SSL certificate beforehand in the VPN Connection Setting settings beforehand, or use the CAAdd command etc. to register a root certificate containing the signed server SSL certificate in the list of Virtual Hub trusted CA certificates. \nIf the certificate of the connected VPN Server cannot be trusted under the condition where the option to verify server certificates has been enabled for the VPN Connection Setting, the connection will be promptly cancelled and continual reattempts at connection will be made. diff --git a/src/bin/hamcore/strtable_ja.stb b/src/bin/hamcore/strtable_ja.stb index 9b13c5ab..dbd7dc4f 100644 --- a/src/bin/hamcore/strtable_ja.stb +++ b/src/bin/hamcore/strtable_ja.stb @@ -4361,6 +4361,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT プロキシサーバーのポート番号 CMD_ACCOUNT_COLUMN_PROXY_USERNAME プロキシサーバーのユーザー名 CMD_ACCOUNT_COLUMN_SERVER_CERT_USE サーバー証明書の検証 CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME 登録されているサーバー固有証明書 +CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate CMD_ACCOUNT_COLUMN_DEVICE_NAME 接続に使用するデバイス名 CMD_ACCOUNT_COLUMN_AUTH_TYPE 認証の種類 CMD_ACCOUNT_COLUMN_AUTH_USERNAME ユーザー名 
@@ -6642,6 +6643,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name] CMD_AccountServerCertDisable_[name] 設定を変更する接続設定の名前を指定します。 +# AccountRetryOnServerCertEnable command +CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is untrusted +CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + +# AccountRetryOnServerCertDisable command +CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid +CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + # AccountServerCertSet コマンド CMD_AccountServerCertSet 接続設定のサーバー固有証明書の設定 CMD_AccountServerCertSet_Help VPN Client に登録されている接続設定を指定し、その接続設定が VPN Server に対して接続する際に、接続先の VPN Server の提示する SSL 証明書と同じ証明書をあらかじめ登録します。\n接続設定のサーバー証明書の検証オプションが有効になっている場合、接続先サーバーの SSL 証明書をあらかじめこのコマンドで接続設定設定内に保存しておくか、または仮想 HUB の信頼する証明機関の証明書一覧に、サーバーの SSL 証明書を署名したルート証明書を CAAdd コマンドなどで登録しておく必要があります。\n接続設定のサーバー証明書の検証オプションが有効になっている状態で、接続した VPN Server の証明書が信頼できない場合、直ちに接続を解除して再試行を繰り返します。 diff --git a/src/bin/hamcore/strtable_ko.stb b/src/bin/hamcore/strtable_ko.stb index 406ac1ac..daabad9a 100644 --- a/src/bin/hamcore/strtable_ko.stb 
+++ b/src/bin/hamcore/strtable_ko.stb @@ -4356,6 +4356,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT 프록시 서버의 포트 번호 CMD_ACCOUNT_COLUMN_PROXY_USERNAME 프록시 서버의 사용자 이름 CMD_ACCOUNT_COLUMN_SERVER_CERT_USE 서버 인증서 확인 CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME 등록 된 서버 별 인증서 +CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate CMD_ACCOUNT_COLUMN_DEVICE_NAME 연결에 사용할 장치 이름 CMD_ACCOUNT_COLUMN_AUTH_TYPE 인증의 종류 CMD_ACCOUNT_COLUMN_AUTH_USERNAME 사용자 이름 
@@ -6635,6 +6636,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name] CMD_AccountServerCertDisable_ [name] 설정을 변경하려면 연결 설정의 이름을 지정합니다. +# AccountRetryOnServerCertEnable command +CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is untrusted +CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + +# AccountRetryOnServerCertDisable command +CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid +CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + # AccountServerCertSet 명령 CMD_AccountServerCertSet 연결 설정 서버 별 인증서 설정 CMD_AccountServerCertSet_Help VPN Client에 등록되어있는 연결 설정을 지정하고 연결 설정 VPN Server에 연결할 때 연결하려는 VPN Server가 제시하는 SSL 인증서와 동일한 인증서를 미리 등록합니다. \n 연결 설정 서버 인증서 검증 옵션이 활성화되어있는 경우 연결할 서버의 SSL 인증서를 미리이 명령에서 연결 설정 설정에 저장할하거나 가상 HUB 신뢰하는 인증 기관 인증서 목록에 서버의 SSL 인증서를 서명 한 루트 인증서를 CAAdd 명령 등으로 등록되어 있어야합니다. \n 연결 설정 서버 인증서 검증 옵션이 활성화되어있는 상태에서 연결 한 VPN Server의 인증서를 신뢰할 수없는 경우 즉시 연결을 해제하고 재 시도를 반복합니다. diff --git a/src/bin/hamcore/strtable_tw.stb b/src/bin/hamcore/strtable_tw.stb index 78317dcb..5f0ceeb9 100644 --- a/src/bin/hamcore/strtable_tw.stb 
+++ b/src/bin/hamcore/strtable_tw.stb @@ -4374,6 +4374,7 @@ CMD_ACCOUNT_COLUMN_PROXY_PORT 代理伺服器的埠號 CMD_ACCOUNT_COLUMN_PROXY_USERNAME 代理伺服器的用戶名 CMD_ACCOUNT_COLUMN_SERVER_CERT_USE 驗證伺服器憑證 CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME 註冊的伺服器個人證書 +CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT Retry on Untrusted Server Certificate CMD_ACCOUNT_COLUMN_DEVICE_NAME 用於連接的設備名 CMD_ACCOUNT_COLUMN_AUTH_TYPE 驗證類型 CMD_ACCOUNT_COLUMN_AUTH_USERNAME 用戶名 
@@ -6651,6 +6652,20 @@ CMD_AccountServerCertDisable_Args AccountServerCertDisable [name] CMD_AccountServerCertDisable_[name] 指定要更改設置的連接設置名。 +# AccountRetryOnServerCertEnable command +CMD_AccountRetryOnServerCertEnable Enable VPN connection retry if server certificate is untrusted +CMD_AccountRetryOnServerCertEnable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to enable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertEnable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertEnable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + +# AccountRetryOnServerCertDisable command +CMD_AccountRetryOnServerCertDisable Enable VPN connection retry if server certificate is invalid +CMD_AccountRetryOnServerCertDisable_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting connects to a VPN Server, use this to disable the option to retry connection if Server certificate cannot be trusted. +CMD_AccountRetryOnServerCertDisable_Args AccountRetryOnServerCertEnable [name] +CMD_AccountRetryOnServerCertDisable_[name] Specify the name of the VPN Connection Setting whose setting you want to change. + + # AccountServerCertSet 命令 CMD_AccountServerCertSet 設置連接設置的伺服器固有證明書 CMD_AccountServerCertSet_Help 指定註冊到 VPN Client 的連接設置,其連接設置連接到 VPN Server 時,預先註冊與連接目標的 VPN Server 提交的 SSL 證書相同的證書。\n如果啟動了連接設置的伺服器憑證驗證選項,可以預先將連接目標伺服器的 SSL 證書以此指令保存在連接設置的設置內,或需要將伺服器的 SSL 證書簽名了的根證書,以 CAAdd 指令註冊到虛擬 HUB 信任的證明機構的證書列表中。\n驗證連接設置的伺服器憑證的選項處於啟動狀態,連接了的 VPN Server 的證書不可信時,立即解除連接,反復重試。