Accept nil cipher/digest in AppExtension

Reorganize code for clarity.

TunnelKit.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
     s.name              = "TunnelKit"
-    s.version           = "1.6.0"
+    s.version           = "1.6.1"
     s.summary           = "Non-official OpenVPN client for Apple platforms."
 
     s.homepage          = "https://github.com/keeshux/tunnelkit"

TunnelKit.xcodeproj/project.pbxproj

@@ -1470,7 +1470,7 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CURRENT_PROJECT_VERSION = 451;
+				CURRENT_PROJECT_VERSION = 466;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
@@ -1534,7 +1534,7 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CURRENT_PROJECT_VERSION = 451;
+				CURRENT_PROJECT_VERSION = 466;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				ENABLE_NS_ASSERTIONS = NO;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
@@ -1567,7 +1567,7 @@
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = "";
 				DYLIB_COMPATIBILITY_VERSION = 1;
-				DYLIB_CURRENT_VERSION = 451;
+				DYLIB_CURRENT_VERSION = 466;
 				DYLIB_INSTALL_NAME_BASE = "@rpath";
 				FRAMEWORK_SEARCH_PATHS = "$(inherited)";
 				INFOPLIST_FILE = "$(SRCROOT)/TunnelKit-iOS/Info.plist";
@@ -1591,7 +1591,7 @@
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = "";
 				DYLIB_COMPATIBILITY_VERSION = 1;
-				DYLIB_CURRENT_VERSION = 451;
+				DYLIB_CURRENT_VERSION = 466;
 				DYLIB_INSTALL_NAME_BASE = "@rpath";
 				FRAMEWORK_SEARCH_PATHS = "$(inherited)";
 				INFOPLIST_FILE = "$(SRCROOT)/TunnelKit-iOS/Info.plist";
@@ -1615,7 +1615,7 @@
 				COMBINE_HIDPI_IMAGES = YES;
 				DEFINES_MODULE = YES;
 				DYLIB_COMPATIBILITY_VERSION = 1;
-				DYLIB_CURRENT_VERSION = 451;
+				DYLIB_CURRENT_VERSION = 466;
 				DYLIB_INSTALL_NAME_BASE = "@rpath";
 				FRAMEWORK_VERSION = A;
 				INFOPLIST_FILE = "$(SRCROOT)/TunnelKit-macOS/Info.plist";
@@ -1639,7 +1639,7 @@
 				COMBINE_HIDPI_IMAGES = YES;
 				DEFINES_MODULE = YES;
 				DYLIB_COMPATIBILITY_VERSION = 1;
-				DYLIB_CURRENT_VERSION = 451;
+				DYLIB_CURRENT_VERSION = 466;
 				DYLIB_INSTALL_NAME_BASE = "@rpath";
 				FRAMEWORK_VERSION = A;
 				INFOPLIST_FILE = "$(SRCROOT)/TunnelKit-macOS/Info.plist";

TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift

@@ -111,38 +111,17 @@ extension TunnelKitProvider {
             
             //
 
-            guard let cipherAlgorithm = providerConfiguration[S.cipherAlgorithm] as? String, let cipher = SessionProxy.Cipher(rawValue: cipherAlgorithm) else {
-                throw ProviderConfigurationError.parameter(name: "protocolConfiguration.providerConfiguration[\(S.cipherAlgorithm)]")
-            }
-            guard let digestAlgorithm = providerConfiguration[S.digestAlgorithm] as? String, let digest = SessionProxy.Digest(rawValue: digestAlgorithm) else {
-                throw ProviderConfigurationError.parameter(name: "protocolConfiguration.providerConfiguration[\(S.digestAlgorithm)]")
-            }
-
-            let ca: CryptoContainer
-            let clientCertificate: CryptoContainer?
-            let clientKey: CryptoContainer?
             guard let caPEM = providerConfiguration[S.ca] as? String else {
                 throw ProviderConfigurationError.parameter(name: "protocolConfiguration.providerConfiguration[\(S.ca)]")
             }
-            ca = CryptoContainer(pem: caPEM)
-            if let clientPEM = providerConfiguration[S.clientCertificate] as? String {
-                guard let keyPEM = providerConfiguration[S.clientKey] as? String else {
-                    throw ProviderConfigurationError.parameter(name: "protocolConfiguration.providerConfiguration[\(S.clientKey)]")
-                }
-
-                clientCertificate = CryptoContainer(pem: clientPEM)
-                clientKey = CryptoContainer(pem: keyPEM)
-            } else {
-                clientCertificate = nil
-                clientKey = nil
-            }
 
             var sessionConfigurationBuilder = SessionProxy.ConfigurationBuilder()
-            sessionConfigurationBuilder.ca = ca
+            if let cipherAlgorithm = providerConfiguration[S.cipherAlgorithm] as? String {
-            sessionConfigurationBuilder.cipher = cipher
+                sessionConfigurationBuilder.cipher = SessionProxy.Cipher(rawValue: cipherAlgorithm)
-            sessionConfigurationBuilder.digest = digest
+            }
-            sessionConfigurationBuilder.clientCertificate = clientCertificate
+            if let digestAlgorithm = providerConfiguration[S.digestAlgorithm] as? String {
-            sessionConfigurationBuilder.clientKey = clientKey
+                sessionConfigurationBuilder.digest = SessionProxy.Digest(rawValue: digestAlgorithm)
+            }
             if let compressionFramingValue = providerConfiguration[S.compressionFraming] as? Int, let compressionFraming = SessionProxy.CompressionFraming(rawValue: compressionFramingValue) {
                 sessionConfigurationBuilder.compressionFraming = compressionFraming
             } else {
@@ -153,6 +132,14 @@ extension TunnelKitProvider {
             } else {
                 sessionConfigurationBuilder.compressionAlgorithm = ConfigurationBuilder.defaults.sessionConfiguration.compressionAlgorithm
             }
+            sessionConfigurationBuilder.ca = CryptoContainer(pem: caPEM)
+            if let clientPEM = providerConfiguration[S.clientCertificate] as? String {
+                guard let keyPEM = providerConfiguration[S.clientKey] as? String else {
+                    throw ProviderConfigurationError.parameter(name: "protocolConfiguration.providerConfiguration[\(S.clientKey)]")
+                }
+                sessionConfigurationBuilder.clientCertificate = CryptoContainer(pem: clientPEM)
+                sessionConfigurationBuilder.clientKey = CryptoContainer(pem: keyPEM)
+            }
             if let tlsWrapData = providerConfiguration[S.tlsWrap] as? Data {
                 do {
                     sessionConfigurationBuilder.tlsWrap = try SessionProxy.TLSWrap.deserialized(tlsWrapData)
@@ -172,10 +159,10 @@ extension TunnelKitProvider {
                 return ep
             }
             sessionConfigurationBuilder.checksEKU = providerConfiguration[S.checksEKU] as? Bool ?? ConfigurationBuilder.defaults.sessionConfiguration.checksEKU
-            sessionConfigurationBuilder.dnsServers = providerConfiguration[S.dnsServers] as? [String]
-            sessionConfigurationBuilder.searchDomain = providerConfiguration[S.searchDomain] as? String
             sessionConfigurationBuilder.randomizeEndpoint = providerConfiguration[S.randomizeEndpoint] as? Bool ?? ConfigurationBuilder.defaults.sessionConfiguration.randomizeEndpoint
             sessionConfigurationBuilder.usesPIAPatches = providerConfiguration[S.usesPIAPatches] as? Bool ?? ConfigurationBuilder.defaults.sessionConfiguration.usesPIAPatches
+            sessionConfigurationBuilder.dnsServers = providerConfiguration[S.dnsServers] as? [String]
+            sessionConfigurationBuilder.searchDomain = providerConfiguration[S.searchDomain] as? String
             sessionConfiguration = sessionConfigurationBuilder.build()
 
             shouldDebug = providerConfiguration[S.debug] as? Bool ?? ConfigurationBuilder.defaults.shouldDebug
@@ -225,16 +212,16 @@ extension TunnelKitProvider {
             
             static let digestAlgorithm = "DigestAlgorithm"
             
+            static let compressionFraming = "CompressionFraming"
+            
+            static let compressionAlgorithm = "CompressionAlgorithm"
+            
             static let ca = "CA"
             
             static let clientCertificate = "ClientCertificate"
             
             static let clientKey = "ClientKey"
             
-            static let compressionFraming = "CompressionFraming"
-            
-            static let compressionAlgorithm = "CompressionAlgorithm"
-            
             static let tlsWrap = "TLSWrap"
 
             static let keepAlive = "KeepAlive"
@@ -245,14 +232,14 @@ extension TunnelKitProvider {
             
             static let checksEKU = "ChecksEKU"
 
-            static let dnsServers = "DNSServers"
-            
-            static let searchDomain = "SearchDomain"
-            
             static let randomizeEndpoint = "RandomizeEndpoint"
             
             static let usesPIAPatches = "UsesPIAPatches"
             
+            static let dnsServers = "DNSServers"
+            
+            static let searchDomain = "SearchDomain"
+            
             // MARK: Debugging
             
             static let debug = "Debug"

TunnelKitHost/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.6.0</string>
+	<string>1.6.1</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>LSRequiresIPhoneOS</key>

TunnelKitTests-iOS/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>BNDL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.6.0</string>
+	<string>1.6.1</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 </dict>

TunnelKitTests-macOS/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>BNDL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.6.0</string>
+	<string>1.6.1</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 </dict>