strongswan support for custom proposals
ClosedPublic

Authored by rrichmond on Tue, Sep 3, 10:10 PM.

Details

Summary

This patch brings feature parity with gnome's nm-connection-editor strongswan plugin. Enabling custom proposals is required in order to support connections to strict strong cipher endpoints, the default cipher list doesn't include eg: aes256gcm16-prfsha384-ecp384.

Diff Detail

Repository
R116 Plasma Network Management Applet
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
rrichmond created this revision.Tue, Sep 3, 10:10 PM
Restricted Application added a project: Frameworks. · View Herald TranscriptTue, Sep 3, 10:10 PM
Restricted Application added 1 blocking reviewer(s): jgrulich. · View Herald Transcript
Restricted Application added a subscriber: kde-frameworks-devel. · View Herald Transcript
rrichmond requested review of this revision.Tue, Sep 3, 10:10 PM
pino added a subscriber: pino.Wed, Sep 4, 4:58 AM
pino added inline comments.
plasma-nm-5.15.5/vpn/strongswan/strongswanprop.ui
291 ↗(On Diff #65357)

nitpick: "Cipher Proposals"

295–299 ↗(On Diff #65357)

maybe use the checkable property of QGroupBox instead?

plasma-nm-5.15.5/vpn/strongswan/strongswanwidget.cpp
155–156 ↗(On Diff #65357)

should these be set only when the custom proposals are accepted?

I'm not sure the "Cipher Proposals" groupbox should be inside the "Options" groupbox, imo it should be separated groupbox

plasma-nm-5.15.5/vpn/strongswan/strongswanwidget.cpp
100 ↗(On Diff #65357)

Same here, probably pointless to set "IKE" and "ESP" when "Enable custom proposals" is false.

155–156 ↗(On Diff #65357)

Indeed, they should be set only when the "Enable custom proposals" checkbox is checked.

rrichmond updated this revision to Diff 65711.Mon, Sep 9, 11:42 PM

Moved custom cipher proposals into its own group box, with the checked property, encompassing the IKE/ESP proposal QLineEdit boxes.

rrichmond marked 5 inline comments as done.Mon, Sep 9, 11:43 PM

Do not enable "Custom cipher proposals" by default, that forces everyone to uncheck it.

rrichmond updated this revision to Diff 65799.Tue, Sep 10, 8:35 PM

Custom proposals unchecked by default.

jgrulich accepted this revision.Tue, Sep 10, 9:23 PM
This revision is now accepted and ready to land.Tue, Sep 10, 9:23 PM
This revision was automatically updated to reflect the committed changes.
Restricted Application added a project: Plasma. · View Herald TranscriptFri, Sep 13, 10:04 AM
Restricted Application added a subscriber: plasma-devel. · View Herald Transcript