diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index bca5956ce..e8682a286 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -745,9 +745,18 @@ static gboolean open_webview_idle(gpointer data)
// Create a browser instance
webView = WEBKIT_WEB_VIEW(webkit_web_view_new());
+ dont_use_proxy_for_auth = g_hash_table_lookup(ui_data->options,
+ NM_OPENCONNECT_DONT_USE_PROXY_AUTHENTICATION);
+
dm = webkit_web_view_get_website_data_manager(webView);
- if (dm)
+ if (dm) {
cm = webkit_website_data_manager_get_cookie_manager(dm);
+
+ if (dont_use_proxy_for_auth) {
+ // Ensure that proxies won't be used on auth dialog
+ webkit_website_data_manager_set_network_proxy_settings(dm, WEBKIT_NETWORK_PROXY_MODE_NO_PROXY, NULL);
+ }
+ }
if (cm)
storage = g_string_new (g_get_user_data_dir());
if (storage)
diff --git a/properties/nm-openconnect-dialog.ui b/properties/nm-openconnect-dialog.ui
index 43beb44a3..7d8adbde6 100644
--- a/properties/nm-openconnect-dialog.ui
+++ b/properties/nm-openconnect-dialog.ui
@@ -324,6 +324,23 @@
2
+
+
+
+ 0
+ 13
+ 2
+
+
0
- 13
+ 14
2
@@ -366,7 +383,7 @@
0
- 14
+ 15
@@ -384,7 +401,7 @@
1
- 14
+ 15
@@ -406,7 +423,7 @@
0
- 15
+ 16
diff --git a/properties/nm-openconnect-editor-plugin.c b/properties/nm-openconnect-editor-plugin.c
index 90dd5af55..4d04b878f 100644
--- a/properties/nm-openconnect-editor-plugin.c
+++ b/properties/nm-openconnect-editor-plugin.c
@@ -264,6 +264,11 @@ import (NMVpnEditorPlugin *iface, const char *path, GError **error)
if (true)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT, "yes");
+ /* Don't use system proxy settings during authentication */
+ bval = g_key_file_get_boolean (keyfile, "openconnect", "DontUseProxyAuth", NULL);
+ if (true)
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_DONT_USE_PROXY_AUTHENTICATION, "yes");
+
/* Soft token mode */
buf = g_key_file_get_string (keyfile, "openconnect", "StokenSource", NULL);
if (buf)
@@ -366,6 +371,10 @@ export (NMVpnEditorPlugin *iface,
if (value && !strcmp (value, "yes"))
prevent_invalid_cert = TRUE;
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_DONT_USE_PROXY_AUTHENTICATION);
+ if (value && !strcmp (value, "yes"))
+ prevent_invalid_cert = TRUE;
+
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_TOKEN_MODE);
if (value && strlen (value))
token_mode = value;
diff --git a/properties/nm-openconnect-editor.c b/properties/nm-openconnect-editor.c
index de0c27a1b..1d9161a82 100644
--- a/properties/nm-openconnect-editor.c
+++ b/properties/nm-openconnect-editor.c
@@ -364,7 +364,17 @@ init_editor_plugin (OpenconnectEditor *self, NMConnection *connection, GError **
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
- widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "csd_button"));
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dont_use_proxy_for_authentication"));
+ g_return_val_if_fail (widget, FALSE);
+
+ if (s_vpn) {
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_DONT_USE_PROXY_AUTHENTICATION);
+ if (value && !strcmp(value, "yes"))
+ gtk_check_button_set_active (GTK_CHECK_BUTTON (widget), TRUE);
+ }
+ g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "csd_button"));
g_return_val_if_fail (widget, FALSE);
if (s_vpn) {
@@ -468,6 +478,10 @@ update_connection (NMVpnEditor *iface,
str = gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))?"yes":"no";
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT, str);
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dont_use_proxy_for_authentication"));
+ str = gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))?"yes":"no";
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_DONT_USE_PROXY_AUTHENTICATION, str);
+
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "csd_button"));
str = gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))?"yes":"no";
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_ENABLE, str);
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 4e7d48132..7fc979eaf 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -43,6 +43,7 @@
#define NM_OPENCONNECT_KEY_MTU "mtu"
#define NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID "pem_passphrase_fsid"
#define NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT "prevent_invalid_cert"
+#define NM_OPENCONNECT_DONT_USE_PROXY_AUTHENTICATION "no_proxy_auth"
#define NM_OPENCONNECT_KEY_PROTOCOL "protocol"
#define NM_OPENCONNECT_KEY_PROXY "proxy"
#define NM_OPENCONNECT_KEY_CSD_ENABLE "enable_csd_trojan"
diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
index 05e809507..924553c30 100644
--- a/src/nm-openconnect-service.c
+++ b/src/nm-openconnect-service.c
@@ -88,6 +88,7 @@ static const ValidProperty valid_properties[] = {
{ NM_OPENCONNECT_KEY_MTU, G_TYPE_STRING, 0, 0 },
{ NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID, G_TYPE_BOOLEAN, 0, 0 },
{ NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT, G_TYPE_BOOLEAN, 0, 0 },
+ { NM_OPENCONNECT_DONT_USE_PROXY_AUTHENTICATION, G_TYPE_BOOLEAN, 0, 0 },
{ NM_OPENCONNECT_KEY_PROTOCOL, G_TYPE_STRING, 0, 0 },
{ NM_OPENCONNECT_KEY_PROXY, G_TYPE_STRING, 0, 0 },
{ NM_OPENCONNECT_KEY_CSD_ENABLE, G_TYPE_BOOLEAN, 0, 0 },
@@ -603,7 +604,7 @@ real_need_secrets (NMVpnServicePlugin *plugin,
}
/* We just need the WebVPN cookie, and the final IP address of the gateway
- (after HTTP redirects, which do happen). All the certificate/SecurID
+ (after HTTP redirects, which do happen). All the certificate/SecurID
nonsense can be handled for us, in the user's context, by auth-dialog */
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_GATEWAY)) {
*setting_name = NM_SETTING_VPN_SETTING_NAME;